doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core functionality of processing untrusted external data.
- Ingestion points: The workflow specifically instructs the agent to fetch and read content from external links to shared documents and messaging threads (Slack, Teams) via integrations.
- Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from accidentally executing instructions that may be embedded within the documents or chat logs it retrieves.
- Capability inventory: The agent is granted capabilities to create and modify files (
create_file,str_replace) and search connected tools, which could be manipulated if the agent obeys malicious instructions in the source text. - Sanitization: The skill does not implement sanitization or validation of the data pulled from external sources before it is incorporated into the drafting and refinement process.
Audit Metadata