doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface where malicious instructions could be embedded in the external data it processes.
- Ingestion points: In `SKILL.md`, the workflow encourages the agent to fetch and read content from external sources including shared documents (Google Drive, SharePoint), messaging threads (Slack, Teams), and user-provided links during the 'Context Gathering' stage.
- Boundary markers: The skill lacks instructions for the agent to wrap ingested external content in delimiters or to ignore embedded instructions found within those documents or messages.
- Capability inventory: Across the workflow, the agent is granted capabilities to create and modify files (via `create_file` and `str_replace`) and can delegate tasks to sub-agents during the 'Reader Testing' phase, which could be exploited if the primary agent is compromised by injected instructions.
- Sanitization: There is no requirement or logic for sanitizing, escaping, or validating the content retrieved from external integrations before it is used to influence the document's structure or the agent's testing behavior.
Audit Metadata