writing-review

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a pre-tool hook to execute a platform-resident Python script (phase-gate-guard.py) for state validation. It also uses dynamic context injection (the !cat command) to load local configuration and constraint files from the references directory at load time. These operations are restricted to the local environment and are used for administrative orchestration.
  • [PROMPT_INJECTION]: The skill manages an indirect prompt injection surface as it is designed to read and process untrusted document drafts. It successfully mitigates this risk through architectural separation and verification.
      • Ingestion points: Reads files from the drafts/ directory during the analysis phase.
      • Boundary markers: Uses 'Iron Laws' and strict structured templates (e.g., Topic Sentence Inventory) to constrain the model's focus to specific text segments.
      • Capability inventory: Subagents performing the actual review are restricted to the Read, Grep, and Glob tools. The lead orchestrator agent retains Agent and Skill capabilities.
      • Sanitization: Implements a 'Verification Gate' that requires the orchestrator to spot-check subagent-generated quotes against the original source text to detect hallucinations or manipulation.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 11:02 PM