doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of ingesting and processing untrusted data from external platforms.
- Ingestion points: The skill explicitly instructs the agent to read context from messaging apps (Slack, Teams) and document storage (Google Drive, SharePoint) via integrations or MCP servers, as well as reading local files and shared document links provided by the user (SKILL.md).
- Boundary markers: The skill lacks explicit instructions to use boundary markers or to ignore embedded instructions within the gathered context, which could allow malicious instructions in those documents to influence the agent's behavior.
- Capability inventory: The agent has permissions to create and modify files (using `create_file` and `str_replace`) based on the ingested context.
- Sanitization: There is no evidence of sanitization or filtering of the external content before it is used to draft document sections.