internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill functions by ingesting data from external and potentially untrusted sources to generate newsletters and status updates.
- Ingestion points: The files
examples/3p-updates.md,examples/company-newsletter.md, andexamples/faq-answers.mdinstruct the agent to gather information from Slack channels, corporate emails, shared documents, and external press releases. - Boundary markers: There are no instructions provided to the agent to treat ingested content as data only or to ignore instructions embedded within those sources.
- Capability inventory: The agent is authorized to read sensitive company data and transform it into summary outputs, which could be manipulated by an attacker who can post to Slack or influence external press content.
- Sanitization: The skill lacks any sanitization, filtering, or validation steps for the content it retrieves before incorporating it into the final output.
Audit Metadata