doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection via its context gathering mechanism.
- Ingestion points: Data is pulled from external files, shared document links, and team messaging channels (Slack, Teams) in Stage 1 of the workflow.
- Boundary markers: The instructions do not define delimiters or instructions to disregard embedded commands in the ingested context.
- Capability inventory: The skill uses tools like 'create_file' and 'str_replace' to generate content, which could be manipulated by instructions hidden in the context.
- Sanitization: No sanitization or validation of the ingested external data is performed before it is used in prompts.
Audit Metadata