coda-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads untrusted data from external Coda documents and possesses high-privilege capabilities.
- Ingestion points: Data enters the agent context via
CODA_LIST_TABLE_ROWS,CODA_SEARCH_ROW,CODA_GET_A_PAGE, andCODA_LIST_FORMULASwhich retrieve content from user-controlled documents. - Boundary markers: There are no defined delimiters or specific instructions to treat content retrieved from Coda as untrusted data rather than instructions.
- Capability inventory: The skill has high-impact capabilities including
CODA_ADD_PERMISSION(modifying access control),CODA_PUBLISH_DOC(making private data public), andCODA_UPSERT_ROWS(modifying document state). - Sanitization: No sanitization or validation logic is present to filter malicious instructions embedded within document text or table rows before they are processed by the agent.
Audit Metadata