doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes a workflow that incorporates untrusted data from external environments, creating a surface for indirect prompt injection.
- Ingestion points: Data is gathered via integrations and MCP servers from Slack threads, Teams channels, Google Drive, and SharePoint documents, as well as unstructured 'info dumps' provided by the user in SKILL.md.
- Boundary markers: The skill instructions do not specify the use of delimiters or 'ignore' instructions when processing or drafting from the ingested external context.
- Capability inventory: The agent is instructed to use
create_fileto generate document artifacts andstr_replaceto perform surgical edits on existing files. It also has the capability to invoke sub-agents to test document clarity. - Sanitization: There are no instructions for sanitizing or validating external content before it is used for brainstorming or drafting purposes.
Audit Metadata