internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection.
  - Ingestion points: Instructions in 'examples/3p-updates.md', 'examples/company-newsletter.md', and 'examples/faq-answers.md' direct the agent to read content from Slack, Google Drive, Email, and Calendar.
  - Boundary markers: The skill fails to use delimiters or 'ignore embedded instructions' warnings when processing this external data.
  - Capability inventory: The skill utilizes the agent's broad read access to integrated corporate communication and storage tools.
  - Sanitization: There are no instructions to validate or sanitize the ingested data, allowing maliciously crafted Slack messages or documents to potentially hijack the agent's behavior.
- [DATA_EXFILTRATION]: The skill facilitates the aggregation of sensitive corporate data.
  - Evidence: It directs the agent to search for 'emails from executives,' 'critical team member docs,' and 'company-wide vision docs.' If the agent is successfully manipulated via injection, this sensitive information could be leaked into the final communication outputs.
- [NO_CODE]: The skill consists entirely of markdown instructions and lacks any scripts or executable code.
Audit Metadata