doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection. It is designed to ingest and process data from external, potentially untrusted sources.
- Ingestion points: In the 'Context Gathering' stage of SKILL.md, the agent is instructed to fetch content from shared links, read team channels (Slack, Teams), and process user-provided files.
- Boundary markers: The prompt lacks explicit delimiters or specific 'ignore instructions' guards when processing content from these external sources, which may allow an attacker to embed malicious instructions within a document to manipulate the agent's behavior.
- Capability inventory: The skill has the capability to read from external integrations and perform file operations using
create_fileandstr_replacetools. - Sanitization: No sanitization or validation of the external content is performed before it is used to influence the document's structure or content drafting.
Audit Metadata