case-study-prep
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from external sources, which creates a potential surface for indirect prompt injection attacks.
- Ingestion points: Untrusted data is retrieved from user-provided Google Docs via the
google_drive_fetchtool and from Slack thread responses generated by theeonbot. - Boundary markers: The instructions do not specify the use of delimiters or protective markers to separate the ingested customer notes from the agent's core processing logic.
- Capability inventory: The skill possesses the capability to write files to the system (generating
.docxfiles) and interact with Slack messaging. - Sanitization: There is no evidence of content sanitization or instruction-filtering for the data fetched from external sources before it is synthesized into the final document.
- [COMMAND_EXECUTION]: The skill references a
validate.pyscript and adocx-jstool. These appear to be internal platform capabilities or associated skills used for standard document validation and generation within the expected workflow. - [DATA_EXFILTRATION]: The skill reads data from Slack and Google Drive to produce a local document. No network exfiltration to non-whitelisted third-party domains was detected; interactions are limited to the platform's internal tools and the Slack bot 'eon'.
Audit Metadata