doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's primary function involves ingesting data from external sources such as shared documents, team messaging channels (Slack, Teams), and user-provided files. This creates a surface for indirect prompt injection where malicious instructions embedded within these external sources could potentially influence the agent's behavior during the document creation process.
- Ingestion points: Stage 1 context gathering via shared document links, file uploads, and team channel integrations (SKILL.md).
- Boundary markers: The instructions do not define specific delimiters or 'ignore' instructions for the fetched content.
- Capability inventory: Employs create_file and str_replace for document assembly and uses integrations to read external data.
- Sanitization: There is no mention of sanitizing or validating the content retrieved from external integrations before it is processed.
Audit Metadata