internal-comms
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is instructed to read and summarize data from external, user-controlled sources such as Slack messages, Google Drive documents, and emails. An attacker could place malicious instructions within these sources (e.g., a Slack message or a shared document) that the agent might inadvertently follow when gathering context for reports or FAQs.
- Ingestion points: The skill reads from Slack channels, Google Drive docs, Email threads, and Calendar events (specified in examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md).
- Boundary markers: The instructions do not include specific delimiters or 'ignore' instructions for the data being retrieved.
- Capability inventory: The agent has the capability to read extensive organizational data and reformat it into summaries, newsletters, and FAQs.
- Sanitization: There is no evidence of sanitization or validation of the content retrieved from these external platforms before it is processed by the LLM.
Audit Metadata