doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing content from external sources without sanitization.\n
- Ingestion points: Data enters the agent context through shared document links, file uploads, and content fetched from integrations like Google Drive, SharePoint, Slack, and Microsoft Teams (referenced in
SKILL.md).\n - Boundary markers: The skill instructions do not specify the use of delimiters or warnings to isolate ingested content from the agent's primary instructions.\n
- Capability inventory: The skill utilizes
create_fileandstr_replaceto generate and update documents (referenced inSKILL.md).\n - Sanitization: No sanitization, filtering, or validation of the retrieved external content is mentioned or implemented.\n- [EXTERNAL_DOWNLOADS]: The skill fetches information from well-known services including Google Drive, Slack, Microsoft Teams, and SharePoint to gather document context.\n- [COMMAND_EXECUTION]: The workflow involves standard file management operations using
create_filefor initial scaffolding andstr_replacefor applying iterative edits.
Audit Metadata