internal-comms
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it instructs the agent to process data from untrusted or external-party-controllable sources to generate reports and newsletters.
- Ingestion points: Multiple guideline files (
3p-updates.md,company-newsletter.md,faq-answers.md) direct the agent to retrieve context from Slack channels, Google Drive documents, emails, and calendar events. - Boundary markers: The instructions do not specify any delimiters or safety warnings to help the agent distinguish between the skill's directives and the content found within the external data sources.
- Capability inventory: The skill does not contain internal scripts but relies on the agent's tool-calling functionality to access and read private communication platforms and document stores.
- Sanitization: The instructions provide no mechanisms for the agent to sanitize or validate content from these sources to prevent the inclusion of malicious or unintended instructions in the final output.
- [NO_CODE]: No executable code files are included in the skill package; the skill consists entirely of instructional markdown and text files.
Audit Metadata