doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies a potential for indirect prompt injection due to its core function of processing external data.
- Ingestion points: The 'Context Gathering' stage encourages the agent to read from shared document links, uploaded files, and integrated messaging platforms like Slack, Teams, or Google Drive (SKILL.md).
- Boundary markers: The instructions do not define clear delimiters or 'ignore' commands for the agent to use when processing external data, making it potentially susceptible to hidden instructions within those sources.
- Capability inventory: The agent possesses significant capabilities including writing to the file system (
create_file), modifying content (str_replace), and spawning sub-agents for testing (SKILL.md). - Sanitization: There is no logic provided to sanitize, validate, or escape content retrieved from external integrations before it is used to influence the agent's drafting or testing actions.
Audit Metadata