internal-comms
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE NO_CODE PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill package is composed entirely of instructional Markdown files and metadata. No executable scripts, binaries, or software package files are included in the skill directory.
- [PROMPT_INJECTION]: The skill's primary function of summarizing content from external and internal tools creates an attack surface for indirect prompt injection.
  - Ingestion points: Data is ingested from Slack messages, emails, Google Drive documents, and external press releases as described in 'examples/3p-updates.md' and 'examples/company-newsletter.md'.
  - Boundary markers: The instructions do not define any delimiters or specific 'ignore embedded instructions' warnings for the data being processed.
  - Capability inventory: No executable code, subprocess spawning, or file-writing capabilities are present within the skill files.
  - Sanitization: The skill does not provide instructions or logic for sanitizing or validating content retrieved from these external sources before it is processed by the AI.
Audit Metadata