doc-coauthoring

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface: it encourages the agent to ingest untrusted data from multiple external sources.
  • Ingestion points: In WORKFLOW.md, the instructions guide the agent to fetch context from shared documents, messaging apps (Slack, Teams), and cloud storage (Google Drive, SharePoint) via integrations or manual pasting.
  • Boundary markers: Absent. The skill lacks instructions to wrap external content in delimiters or to warn the model to ignore instructions embedded in the retrieved data.
  • Capability inventory: The skill has access to file-writing tools (create_file, str_replace) and the ability to spawn sub-agents for automated testing in Stage 3.
  • Sanitization: Absent. There is no requirement for the agent to validate, filter, or escape content from external sources before drafting documents or passing data to sub-agents.
  • [PROMPT_INJECTION]: The 'Reader Testing' stage described in WORKFLOW.md creates a multi-step chain risk. The skill instructs the primary agent to provide drafted content to a 'fresh Claude' (sub-agent). If malicious instructions are injected into the draft from an external source during the context gathering phase, the sub-agent could be influenced or compromised.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 26, 2026, 10:55 AM
Security Audit — agent-trust-hub — doc-coauthoring