doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources and uses it to drive document creation and sub-agent queries.
- Ingestion points: External document links, uploaded files, and message history from integrated platforms such as Slack and Microsoft Teams are used during 'Stage 1: Context Gathering'.
- Boundary markers: The skill lacks explicit instructions for the agent to use delimiters or ignore instructions found within retrieved external content, increasing the risk of the agent obeying commands embedded in source documents.
- Capability inventory: The agent uses tools like 'create_file' and 'str_replace' to generate and edit files in the working directory and invokes sub-agents for verification in 'Stage 3: Reader Testing'.
- Sanitization: No sanitization or validation of the external content is performed before it is processed by the agent.
Audit Metadata