internal-comms
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a significant attack surface for indirect prompt injection due to its core workflow of ingesting and summarizing untrusted external data.
- Ingestion points: The files
examples/3p-updates.md,examples/company-newsletter.md, andexamples/faq-answers.mdexplicitly instruct the agent to gather information from Slack messages, Google Drive documents, emails, and calendar events. - Boundary markers: The instructions do not include any delimiters or 'ignore embedded instructions' warnings to prevent the agent from obeying instructions found within the analyzed data.
- Capability inventory: The agent is designed to output company-wide communications (newsletters, FAQs, and status reports), which could serve as a vector for distributing injected content or malicious links to a large audience.
- Sanitization: There are no requirements for the agent to sanitize, validate, or filter the content retrieved from these external sources before including it in the final communication.
Audit Metadata