doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to fetch and process content from external, potentially untrusted sources such as Slack channels, Microsoft Teams threads, and shared document repositories. Malicious instructions embedded in these external sources could influence the agent's behavior during the drafting process.
- Ingestion points: External documents, messaging platforms, and user-provided links as specified in the Stage 1 Context Gathering phase of SKILL.md.
- Boundary markers: The instructions do not define the use of specific delimiters or warnings to the agent to ignore embedded instructions within the retrieved external content.
- Capability inventory: The skill utilizes
create_fileandstr_replacefor artifact management and invokes sub-agents for the 'Reader Testing' phase in Stage 3. - Sanitization: There are no explicit instructions for sanitizing or validating the content retrieved from external integrations before it is processed by the agent.
Audit Metadata