internal-comms
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its reliance on ingesting data from external and internal sources that may contain malicious instructions.
- Ingestion points: The skill explicitly instructs the agent to gather content from Slack messages, emails, Google Drive documents, Calendar events, and external press (as seen in 3p-updates.md, company-newsletter.md, and faq-answers.md).
- Boundary markers: No delimiters or safety instructions are provided to help the agent differentiate between its core instructions and instructions that may be embedded in the data it processes.
- Capability inventory: The agent uses its capabilities to search through and summarize internal company communications and documentation to produce newsletters and FAQs.
- Sanitization: The skill lacks any steps for sanitizing or validating ingested content to prevent the execution of malicious prompts embedded within the messages or files it retrieves.
Audit Metadata