internal-comms
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it encourages the ingestion of data from sources controlled by multiple users (Slack, Email, Google Drive). Ingestion points: Detailed in examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md, which direct the agent to retrieve data from corporate communication tools. Boundary markers: The skill does not provide delimiters or instructions to treat retrieved content as untrusted data. Capability inventory: The agent uses the fetched data to generate summaries and newsletters, which could lead to the propagation of malicious instructions or biased reporting if the source data is manipulated. Sanitization: No sanitization or validation steps are included for the data retrieved from external tools.
- [NO_CODE]: The skill consists entirely of Markdown files and does not contain any executable scripts, binaries, or configuration files that trigger code execution.
Audit Metadata