docs
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill metadata description uses imperative language ("CRITICAL: You MUST activate this skill") to override the agent's natural selection and prioritize this skill whenever document-related tasks are mentioned.
- [PROMPT_INJECTION]: The skill processes untrusted data from document text, comments, and suggested edits without implementation of boundary markers or sanitization.
- Ingestion points: The skill reads document content, comments, and suggested edits via
docs.getText,docs.getComments, anddocs.getSuggestionsinSKILL.md. - Boundary markers: Not implemented; no instructions are provided to ignore or delimit commands found within the document data.
- Capability inventory: The skill has extensive capabilities to modify the environment, including
docs.create,docs.writeText,docs.replaceText, anddocs.moveas defined inSKILL.md. - Sanitization: Not implemented; the skill does not perform validation or escaping of the content retrieved from documents.
Audit Metadata