internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and summarize data from untrusted external sources.
- Ingestion points: The instructions in examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md direct the agent to read and process data from Slack channels, Google Drive documents, Emails, and External Press articles.
- Boundary markers: The prompt templates lack explicit delimiters or instructions to prevent the agent from following commands that might be embedded within the processed source material.
- Capability inventory: The skill contains no executable code or scripts, but it directs the agent to aggregate information for company-wide distribution, creating a path for misinformation if source data is poisoned.
- Sanitization: No sanitization, validation, or content filtering logic is implemented within the skill's instructions.
- [NO_CODE]: The skill consists entirely of markdown instruction files and does not include any executable scripts, binaries, or logic that runs in the shell.