internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 12, 2026
Risk Level: LOW
NO_CODE
Full Analysis
The skill consists solely of .txt and .md files, which are descriptive and instructional in nature. No executable scripts (e.g., .sh, .py, .js) were found. This significantly reduces the attack surface for common threats.
- Prompt Injection: All markdown files were scanned for explicit prompt injection patterns (e.g., 'IMPORTANT: Ignore', 'You are now DAN'). No such patterns were detected. The instructions are detailed but aim to guide the AI's behavior within the skill's intended purpose, not to bypass safety mechanisms.
- Data Exfiltration: No commands like curl, wget, cat, ssh, or references to sensitive file paths (e.g., ~/.aws/credentials) were found. The 'Tools Available' sections in the example files (e.g., examples/3p-updates.md) refer to information sources (Slack, Google Drive, Email, Calendar) that the AI is expected to have internal access to, not commands for the agent to execute to exfiltrate data. Therefore, this does not constitute a data exfiltration finding within the skill's code.
- Obfuscation: No Base64 encoding, zero-width characters, Unicode homoglyphs, or URL/hex/HTML encoding were found in any of the files.
- Unverifiable Dependencies: There are no npm install, pip install, git clone, or other commands to fetch external code or packages. All referenced examples/ files are local and part of the skill package.
- Privilege Escalation: No sudo, chmod, doas, or attempts to modify system files were found.
- Persistence Mechanisms: No modifications to shell configuration files (.bashrc), cron jobs, or system service files were detected.
- Metadata Poisoning: The SKILL.md metadata fields (name, description, license) were checked and found to be benign, containing no malicious instructions.
- Indirect Prompt Injection: While the skill is designed to process information from external sources (Slack, Google Drive, Email), making it inherently susceptible to indirect prompt injection if the content from those sources is malicious, this is a general risk for such skills and not a vulnerability introduced by the skill's own code. The skill itself does not contain malicious content that would trigger this.
- Time-Delayed / Conditional Attacks: No conditional logic based on dates, times, usage counts, or environment variables was found.
Given that the skill is purely instructional and contains no executable components or malicious patterns, it is deemed safe.
Audit Metadata