doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted data from multiple external sources to co-author documentation.
  - Ingestion points: Content is retrieved from messaging channels (Slack, Teams), cloud storage platforms (Google Drive, SharePoint), and raw user info-dumps, as described in the Stage 1 workflow in SKILL.md.
  - Boundary markers: The skill lacks explicit instructions to wrap external content in delimiters or use safety warnings to prevent the agent from following instructions embedded within the ingested data.
  - Capability inventory: The skill uses file system manipulation tools (create_file, str_replace) and has the ability to invoke sub-agents using the ingested content.
  - Sanitization: There is no evidence that external content is sanitized, validated, or filtered before it is processed or incorporated into generated documents.