doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates a workflow that ingests untrusted data from external sources, creating a surface for indirect prompt injection.
- Ingestion points: Stage 1 (Context Gathering) and Stage 2 (Refinement) involve reading shared documents, files, and messaging history (Slack/Teams) as documented in
SKILL.md. - Boundary markers: The instructions lack explicit delimiters or guidance for the agent to ignore potentially malicious instructions embedded within the gathered context.
- Capability inventory: The agent utilizes file-writing capabilities (
create_fileandstr_replace) and sub-agent invocation, which could be misdirected if an injection occurs. - Sanitization: No procedures for sanitizing or validating external input are defined in the instructions.
Audit Metadata