internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection due to its core function of processing untrusted data from multiple ingestion points.
- Ingestion points: The instructions in examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md direct the agent to read from Slack messages, Google Drive documents, emails, and external press articles.
- Boundary markers: Absent; there are no instructions provided to the agent to treat external data as untrusted or to ignore instructions embedded within those sources.
- Capability inventory: The skill leverages the agent's ability to read sensitive organizational data and reformat it for company-wide distribution, creating a high-impact surface for potential manipulation.
- Sanitization: Absent; the skill lacks any mechanisms for filtering, validation, or escaping of the ingested content before it is interpolated into summaries.
- NO_CODE (SAFE): The provided skill files consist solely of Markdown instructions. No executable scripts, binaries, or package manifests were detected.
Audit Metadata