doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its context-gathering process.
- Ingestion points: In Stage 1, the agent is instructed to read content from user-provided files, external links, and messaging or storage integrations including Slack, Teams, Google Drive, and SharePoint.
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore instructions' warnings to separate external data from the agent's internal workflow logic.
- Capability inventory: The agent has the ability to write new files ('create_file') and modify existing content ('str_replace') based on the gathered context.
- Sanitization: No sanitization or validation of the retrieved external content is performed before it is used to influence the drafting and refinement stages.
Audit Metadata