doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates gathering context from well-known services including Google Drive, Slack, Microsoft Teams, and SharePoint via official integrations. These references are used for the primary purpose of the skill and do not involve untrusted remote code execution.
- [COMMAND_EXECUTION]: The workflow utilizes standard environment tools such as `create_file` and `str_replace` to manage document artifacts and perform surgical edits on drafted sections. These operations are conducted within the workspace context provided by the host.
- [PROMPT_INJECTION]: The skill ingests external data (user info dumps and shared documents) to draft content, which naturally creates a surface for indirect prompt injection.
  - Ingestion points: Stage 1 (Context Gathering) in `SKILL.md` where external document content is fetched.
  - Boundary markers: The instructions do not explicitly require the agent to use delimiters when processing untrusted context.
  - Capability inventory: The skill can create and modify files (`create_file`, `str_replace`) and invoke sub-agents for verification.
  - Sanitization: No specific input sanitization or filtering logic is defined for the ingested context.
Audit Metadata