moai-internal-comms
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill's primary function is to process content from internal channels like Slack and Email, which are sources of untrusted input that can contain adversarial instructions.
  - Ingestion points: As specified in the example files (e.g., examples/3p-updates.md), the agent is instructed to pull data from Slack, Google Drive, and Email.
  - Boundary markers: The skill lacks explicit boundary markers or instructions to treat ingested data purely as text, increasing the risk that embedded instructions might be executed.
  - Capability inventory: The agent has access to Bash, Write, and WebFetch tools, which could be leveraged if an injection attack succeeds.
  - Sanitization: There are no instructions provided for sanitizing or validating the ingested content.
- [DATA_EXFILTRATION]: The skill requires access to sensitive corporate information, including employee communications and internal documents. This extensive access scope represents a data exposure risk if the agent is manipulated into revealing information to unauthorized parties.
Audit Metadata