internal-comms
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE | PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its reliance on untrusted external data sources without sufficient isolation or validation.
- Ingestion points: The skill explicitly directs the agent to gather context from Slack posts, Google Drive documents, emails, calendar events, and external press articles as seen in 'examples/3p-updates.md' and 'examples/company-newsletter.md'.
- Boundary markers: No explicit delimiters or instructions are provided to help the agent distinguish between its core instructions and the data retrieved from external tools.
- Capability inventory: The agent utilizes tools to read communication history and documents, which could be leveraged if an attacker embeds malicious prompts in shared company resources.
- Sanitization: The instructions lack any requirement for the agent to sanitize, escape, or validate the content it retrieves before processing or outputting it.