The Agent Skills Directory

Prompt Injection (LOW): The skill is vulnerable to Indirect Prompt Injection. Evidence: (1) Ingestion points: The instructions in SKILL.md direct the agent to gather context from Slack, Google Drive, Email, and Calendar, which are untrusted external data sources. (2) Boundary markers: No delimiters or explicit instructions to ignore embedded commands within the source data are provided. (3) Capability inventory: The skill utilizes tools to read organizational communication and document data. (4) Sanitization: There is no mention of sanitizing or validating external content before it is processed into the final update.

internal-comms-3p-updates