doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its core functionality of ingesting external data.
  - Ingestion points: Processes content from external shared documents, team channels (Slack, Teams), and cloud storage (Google Drive, SharePoint) during the Context Gathering and Reader Testing stages.
  - Boundary markers: Absent. The instructions do not specify using delimiters or instructions to ignore embedded commands in the fetched data.
  - Capability inventory: The skill uses create_file, str_replace, and potentially sub-agent invocation or integration-specific write actions.
  - Sanitization: Absent. No mention of filtering or validating external content before it is used in the drafting process.
- [COMMAND_EXECUTION]: The skill utilizes file manipulation tools to manage document creation as part of its intended workflow.
  - Evidence: Employs create_file to establish document scaffolds and str_replace to perform granular updates to sections during the refinement stage.
Audit Metadata