doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core purpose is to process external, potentially untrusted data.
- Ingestion points: The workflow explicitly pulls data from uploaded files, shared document links (Google Drive, SharePoint), and team messaging channels (Slack, Teams).
- Boundary markers: The instructions do not mandate the use of XML delimiters or boundary markers to isolate external content from the agent's control logic.
- Capability inventory: The agent has the capability to read external data and write/modify files using tools like
create_fileandstr_replace. - Sanitization: There is no requirement for the agent to sanitize, filter, or validate instructions that might be embedded within the documents or messages being co-authored.
Audit Metadata