DocuSign Automation
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill contains no instructions designed to bypass agent safety protocols or override system behavior. All instructions are focused on the task of document automation.
- [DATA_EXFILTRATION]: No sensitive data access or exfiltration patterns were found. The skill uses variable placeholders and generic example URLs for webhooks, which are standard for configuration templates.
- [REMOTE_CODE_EXECUTION]: There are no patterns suggesting the download or execution of external scripts. The JavaScript examples provided in the documentation are for illustrative purposes and do not involve untrusted remote code execution.
- [INDIRECT_PROMPT_INJECTION]: The skill presents an integration surface for processing external data.
- Ingestion points: Documents, Signer information, Template configurations, and Workflow rules (SKILL.md).
- Boundary markers: Not explicitly defined in interpolation templates.
- Capability inventory: Tools for envelope creation, template management, and signing workflows (SKILL.md).
- Sanitization: Not specified within the skill instructions.
- The risk is considered low as this is standard functionality for a document automation integration.
Audit Metadata