doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's primary function involves ingesting untrusted data from various external sources to guide document creation, creating an indirect prompt injection surface.
- Ingestion points: The workflow explicitly gathers context from user info dumps, shared document links, and messaging integrations like Slack or Teams as described in Stage 1.
- Boundary markers: The instructions do not mandate the use of clear delimiters or instructions to ignore embedded commands within the ingested content.
- Capability inventory: The agent is instructed to use file system tools such as create_file and str_replace and to interact with external integrations, which could be misdirected by malicious content in the ingested data.
- Sanitization: There are no instructions for validating or sanitizing the content retrieved from external sources before it is used for drafting or editing documents.
Audit Metadata