cpp-core-guidelines-review

Lack of input: No actual code to assess for malicious behavior or supply-chain risks. As a result, there is insufficient material to determine purpose-capability alignment, install/execution trust, scope proportionality, or data-flow integrity. The fragment appears to be a meta-instruction/spec for coordinating sub-agents rather than a payload that would execute. If this is the entirety of what will run, it is not inherently malicious, but assessment of risks requires analyzing the actual agent implementations and any code they execute. Recommend providing the concrete code to review or confirm the executed artifacts (agents/guideline-section-reviewer.md and related templates) before concluding security posture.