Nice idea — prompt injection is one of those problems that gets hand-waved until it's in production. The CI/CD gating (fail hard on Critical) is the right call. Most security tooling only warns; blocking the pipeline is what actually changes behavior.