doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its design of gathering context from untrusted external sources which could influence subsequent drafting and testing phases.\n
- Ingestion points: The workflow involves reading user-provided files, shared links, and data from messaging/storage integrations like Slack, Teams, Google Drive, and SharePoint (Stage 1 and 3).\n
- Boundary markers: There are no explicit delimiters or safety instructions specified to isolate or ignore potential prompts embedded within the ingested data.\n
- Capability inventory: The skill utilizes
create_fileandstr_replacefor document management and invokes sub-agents to test the generated content.\n - Sanitization: No evidence of sanitization or validation of external content is present before its use in prompts or tool calls.\n- [COMMAND_EXECUTION]: The skill uses tools to perform file system operations as part of its document management workflow.\n
- Evidence: Use of
create_filefor initializing artifacts or local markdown files andstr_replacefor updating specific document sections.
Audit Metadata