doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing untrusted data from multiple sources.
- Ingestion points: The workflow ingests content from external sources including local files provided by the user, shared document platforms (Google Drive, SharePoint), and messaging channels (Slack, Teams).
- Boundary markers: The skill does not define explicit delimiters or 'ignore' instructions to isolate processed context from its internal workflow logic.
- Capability inventory: The agent uses create_file to generate document scaffolds and str_replace to perform iterative edits on the filesystem.
- Sanitization: No explicit sanitization, validation, or filtering of external content is specified before the data is integrated into the prompt context.
- [EXTERNAL_DOWNLOADS]: Fetches document context and templates from external integrations and links. These operations utilize well-known services (e.g., Google Drive, Slack) and typically require user-enabled connectors or explicit confirmation.
- [COMMAND_EXECUTION]: Uses local file system tools to create and modify documents. The operations (create_file, str_replace) are consistent with the skill's primary purpose of document co-authoring and do not involve arbitrary command execution.