drafting
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust drafting workflow that prioritizes evidence-based writing and manuscript quality. Key security and reliability features include:
- Claim-First Protocol: Enforces a hard rule that no prose can be written until its underlying claims are resolved to 'evidence_ready' or 'verified' status. This is backed by a local pre-tool-use hook (
enforce-claims.sh) that blocks unauthorized writes. - Subagent Orchestration: Uses a dynamic workflow to dispatch independent drafting tasks to a
section-drafteragent, followed by two stages of review (spec-reviewerandmanuscript-reviewer). - Terminology Ledger: Centralizes the management of technical terms to prevent terminological drift across sections, enforced by the
enforce-terms.shhook. - Structured Standards: Employs industry-standard frameworks (CARS, BPMRC, OFCA, etc.) to ensure structural consistency and rhetorical effectiveness, reducing the risk of hallucinated or incoherent output.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it interpolates external content into the subagent's prompt template.
- Ingestion points: Task descriptions from
.writing/plan.mdand section-specific instructions fromreferences/section-standards/*.mdare inlined into thesection-draftersubagent prompt. - Boundary markers: The prompt template in
references/section-drafter-prompt.mduses clearly defined Markdown headers (## Inputs,## Section standard) to separate instructional context from injected data. - Capability inventory: The agent has access to file system read/write operations,
gitcommands, and thezoteroMCP toolset for citation management. - Sanitization: While no explicit string sanitization is performed on the plan or standards text, the skill's reliance on a multi-stage review pipeline and automated pre-tool-use hooks provides a significant defensive layer against malicious instructions in input files.
Audit Metadata