internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and summarize large volumes of untrusted data from internal platforms, creating a significant vulnerability surface (Category 8).\n
- Ingestion points: Internal Slack channels, company-wide email threads, and Google Drive documents as specified in
examples/3p-updates.md,examples/company-newsletter.md, andexamples/faq-answers.md.\n - Boundary markers: Absent. There are no delimiters or 'ignore instructions' warnings used to wrap the ingested content, increasing the risk that the agent follows malicious instructions embedded in the data.\n
- Capability inventory: The skill utilizes the agent's ability to read from organizational tools and generate textual reports; it does not include dangerous capabilities like shell access or file writing.\n
- Sanitization: Absent. The skill lacks instructions to validate, escape, or sanitize content pulled from external sources before it is processed by the LLM.
Audit Metadata