doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from external sources and has file-writing capabilities.
  - Ingestion points: Content is retrieved from messaging apps (Slack, Teams) and shared document storage (Google Drive, SharePoint) during the context gathering stage (SKILL.md).
  - Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded commands in the fetched data.
  - Capability inventory: The agent uses `create_file` to establish document structures and `str_replace` to refine drafted sections.
  - Sanitization: No sanitization or validation of external content is specified before processing.
- [EXTERNAL_DOWNLOADS]: The skill references integrations with well-known productivity services including Google Drive, SharePoint, and Slack to pull context. These references are part of the intended document workflow and are documented neutrally as they target established platforms.
- [COMMAND_EXECUTION]: The skill instructs the agent to use `create_file` and `str_replace` tools to generate and update document artifacts. These commands are used solely for managing the document draft within the user's workspace.
Audit Metadata