doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests data from external sources such as Slack, Teams, and Google Drive to gather context, which exposes the agent to indirect prompt injection if those sources contain malicious instructions.
- Ingestion points: Context is gathered from shared document links, uploaded files, and messaging tool integrations mentioned in the Context Gathering stage.
- Boundary markers: The instructions do not specify delimiters or warnings to ignore instructions embedded within the ingested context during processing.
- Capability inventory: The skill utilizes file system tools including create_file and str_replace to generate and edit document drafts.
- Sanitization: There is no evidence of sanitization or content filtering for the data fetched from external integrations.
Audit Metadata