doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses tools like
create_fileandstr_replaceto manage document drafts and apply iterative edits. These operations are restricted to the local workspace and are necessary for the skill's primary purpose. - [EXTERNAL_DOWNLOADS]: The workflow describes fetching content from external services including Google Drive, SharePoint, Slack, and Microsoft Teams. While these are well-known services, the skill relies on these external inputs to build document context.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core functionality of processing external data.
- Ingestion points: The agent ingest data from external files, shared document links, and messaging platform threads (Slack/Teams).
- Boundary markers: There are no explicit boundary markers or instructions to the LLM to ignore potentially malicious instructions embedded within the imported context.
- Capability inventory: The agent possesses file-writing capabilities (
create_file,str_replace) which could be manipulated if an ingested document contains malicious instructions. - Sanitization: No sanitization or validation of the external content is performed before the data is interpolated into the agent's context.
Audit Metadata