doc-coauthoring
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface detected due to the processing of untrusted external content into agent-controlled artifacts.
- Ingestion points: SKILL.md (Stage 1: Context Gathering) instructs the agent to pull data from 'team channels', 'shared documents', and user-provided 'info dumps'.
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to isolate untrusted content from the agent's core logic.
- Capability inventory: The skill utilizes `create_file` and `str_replace` tools to modify the local filesystem based on the ingested content and invokes sub-agents in Stage 3 (Reader Testing) with the generated text.
- Sanitization: There is no requirement or logic for sanitizing or escaping the external content before it is used to draft documents or passed to other LLM instances.
Audit Metadata