doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its document and context ingestion features.
- Ingestion points: The workflow explicitly requests and processes content from shared documents, team channels (Slack, Teams), and files in Stage 1 and Stage 2.
- Boundary markers: Absent. The skill does not instruct the agent to use delimiters or ignore instructions found within the retrieved text, increasing the risk that the agent follows malicious commands embedded in user-provided documents.
- Capability inventory: The skill uses create_file and str_replace tools to create and modify artifacts or files based on the ingested context.
- Sanitization: There is no mention of sanitizing, filtering, or validating external content before it is used to brainstorm or draft document sections.
Audit Metadata