internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection attacks because it directs the agent to ingest and summarize information from untrusted sources.
- Ingestion points: File instructions in 'examples/3p-updates.md', 'examples/company-newsletter.md', and 'examples/faq-answers.md' direct the agent to retrieve data from Slack messages, emails, Google Drive documents, and Calendar events.
- Boundary markers: There are no instructions or delimiters provided to help the agent distinguish between its system instructions and potentially malicious commands embedded within the retrieved documents or messages.
- Capability inventory: The agent utilizes read access to sensitive organizational data and possesses the capability to output summaries to company-wide channels.
- Sanitization: The skill lacks requirements for the agent to sanitize, escape, or validate the content it retrieves before incorporating it into communications.
- No Code (SAFE): The skill consists entirely of Markdown instruction files and does not include executable scripts or external package dependencies.
Audit Metadata