internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill is highly susceptible to indirect prompt injection due to its core functionality of summarizing external, potentially attacker-controlled data.
- Ingestion points:
examples/3p-updates.md,examples/company-newsletter.md, andexamples/faq-answers.mdinstruct the agent to read content from Slack messages, emails, Google Drive documents, and Calendar events. - Boundary markers: Absent. The instructions do not provide delimiters or warnings to ignore instructions embedded within the source materials.
- Capability inventory: The skill leverages the agent's ability to read sensitive corporate data and generate summaries that will be distributed internally (Newsletters, FAQs).
- Sanitization: Absent. There is no instruction to sanitize or filter the content retrieved from external sources.
- No Code Detected (SAFE): The skill consists entirely of Markdown files and metadata. There are no scripts, binaries, or configuration files that execute code or manage dependencies, eliminating risks related to remote code execution or persistence.
Audit Metadata