doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting untrusted data from various sources.
- Ingestion points: The skill explicitly instructs the agent to read shared documents, files provided by the user, and content from integrated services like Slack, Teams, or Google Drive (SKILL.md).
- Boundary markers: There are no explicit instructions in the prompt to use delimiters or unique markers to separate untrusted external content from the agent's system instructions during processing.
- Capability inventory: The agent has the capability to write files to the local system using
create_fileand modify them withstr_replace. It also has the capability to invoke sub-agents to process document content during the 'Reader Testing' phase. - Sanitization: No sanitization or filtering of external content is mentioned before the data is processed or used to draft sections.
Audit Metadata