internal-comms
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions (found in
examples/3p-updates.md,examples/company-newsletter.md, andexamples/faq-answers.md) direct the agent to retrieve and summarize information from external, potentially attacker-influenced sources. This creates a risk for indirect prompt injection. \n - Ingestion points: Public or shared Slack channels, email threads, Google Drive documents, and external press articles. \n
- Boundary markers: The instructions do not include delimiters or specific guidance to treat external content as untrusted data rather than instructions. \n
- Capability inventory: While the skill itself only performs text synthesis, it utilizes the agent's integrated capabilities to read and search sensitive organizational platforms. \n
- Sanitization: No mechanisms for filtering, escaping, or validating the ingested content are present to prevent embedded instructions from being executed by the agent. \n- [NO_CODE]: The skill contains only Markdown documentation and templates. There are no executable scripts, shell commands, or external package dependencies, which minimizes the risk of direct malware or unauthorized system modifications.
Audit Metadata