internal-comms
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly susceptible to indirect prompt injection due to its reliance on untrusted multi-user data sources.
  * Ingestion points: Identified in 3p-updates.md, company-newsletter.md, and faq-answers.md as Slack messages, Google Drive documents, and internal emails.
  * Boundary markers: Absent; the instructions do not provide delimiters or directives to the agent to treat source content as data-only or to ignore embedded instructions.
  * Capability inventory: The agent's output consists of trusted organizational communications (newsletters, leadership updates) for audiences of 1000+ people, creating a significant social engineering vector.
  * Sanitization: None; there are no requirements for the agent to validate, filter, or escape content retrieved from the integrated tools.
Recommendations
- AI detected serious security threats
Audit Metadata