doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface.
- Ingestion points: The workflow explicitly asks users to provide files, links to shared documents, and access to team communication channels (Slack, Teams) or repository data via CLI tools.
- Boundary markers: There are no explicit instructions or delimiters defined to ensure the agent treats external content as passive data rather than executable instructions.
- Capability inventory: The agent has the ability to create and modify files on the local filesystem (`create_file`, `str_replace`) and interact with external project management APIs.
- Sanitization: The skill does not include steps to sanitize, escape, or validate the content retrieved from external sources before it is used to influence the agent's drafting and decision-making process.
- [COMMAND_EXECUTION]: The skill suggests using well-known CLI tools such as GitHub's `gh` and Atlassian's `acli` to retrieve project context. These tools are from trusted vendors and are used here for their intended administrative and data-retrieval purposes.
Audit Metadata