ce-doc-review
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a multi-agent orchestration pattern for document review that adheres to security best practices. It explicitly honors the user's configured permission environment when spawning subagents and performing file edits.
- [PROMPT_INJECTION]: The skill manages the risk of Indirect Prompt Injection from the documents it analyzes through the following evidence chain:
- Ingestion points: Phase 1 reads content from documents at user-provided or discovered paths in
docs/brainstorms/ordocs/plans/(SKILL.md). - Boundary markers: Subagent prompt templates use explicit XML-style tags (
<persona>,<output-contract>,<review-context>) to isolate instructions from document content (references/subagent-template.md). - Capability inventory: The orchestrator utilizes platform tools for file searching (
Glob), user interaction (AskUserQuestion), and document modification (Edit). It spawns personas via the platform'sAgentsubagent primitive. - Sanitization: Subagents are constrained to a JSON-only response schema and are instructed to be operationally read-only. Metadata written back to documents is sanitized by stripping HTML comment terminators (
-->) to prevent injection attacks (references/open-questions-defer.md). - [COMMAND_EXECUTION]: All document mutations are handled by the orchestrator using native tools. Subagents are strictly prohibited from performing mutations, creating files, or invoking other skills directly (references/subagent-template.md).
- [SAFE]: The skill includes explicit protections for critical project artifacts, discarding any findings that recommend the deletion of files in brainstorm, plan, or solution directories (references/synthesis-and-presentation.md).
Audit Metadata