internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core design of summarizing untrusted data from multiple sources.
  - Ingestion points: Slack messages, Google Drive documents, Email content, Calendar events, and External press articles as specified in examples/3p-updates.md and examples/company-newsletter.md.
  - Boundary markers: Absent. The instructions do not define delimiters (like triple-backticks or XML tags) or explicitly command the agent to ignore instructions embedded within the retrieved documents.
  - Capability inventory: The skill requires high-read permissions across core organizational communication and document platforms.
  - Sanitization: Absent. There is no instruction to validate, escape, or filter content retrieved from these sources before it is used in a generated report.
- No Code (SAFE): This skill consists entirely of Markdown instructions and examples. There are no executable scripts, binaries, or configuration files that could facilitate direct remote code execution or privilege escalation.
Audit Metadata