Skills
skills/jamie-bitflight/claude_skills/kaizen-improvement/Gen Agent Trust Hub

kaizen-improvement

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates and installs Node.js scripts for use as platform hooks (PreToolUse, SubagentStart, SubagentStop, Stop). These scripts are written to the local file system and executed by the platform's hook runner to enforce behavior or validate outputs.
  • [EXTERNAL_DOWNLOADS]: Skill documentation and templates reference official documentation from code.claude.com for technical guidance on hook configuration and implementation.
  • [PROMPT_INJECTION]: Identified an indirect prompt injection surface as the skill ingests findings from the .planning/kaizen/ directory and interpolates them into prompt templates and system configurations.
  • Ingestion points: Analysis findings are read from the .planning/kaizen/ directory (SKILL.md).
  • Boundary markers: No explicit boundary markers or 'ignore embedded instructions' warnings are present in the templates that process the findings data.
  • Capability inventory: The skill has the capability to write to project configuration files (.claude/settings.json, hooks/hooks.json) and generate executable scripts (SKILL.md, hook-patterns.md).
  • Sanitization: Findings are interpolated into templates and configuration files without explicit sanitization or validation of the input content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 08:42 AM