project-awareness
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill retrieves data from attacker-controllable enterprise sources (Jira, Confluence, Glean) and interpolates it into the agent's context without adequate sanitization or boundary markers.
- Ingestion points: `search`, `employee_search`, and `meeting_lookup` functions called within `SKILL.md` to fetch project and personnel data.
- Boundary markers: None present. The query patterns directly prompt the agent with placeholders for project names without instructions to ignore embedded commands within the retrieved text.
- Capability inventory: Primarily data retrieval and display. The skill is designed to aggregate information and present it to the user, providing a path for exfiltration of summarized data.
- Sanitization: No input validation or output escaping is defined for the content retrieved from external tools, making it vulnerable to data that contains malicious instructions.
- [Data Exposure] (LOW): This skill facilitates broad access to sensitive organizational data, including project statuses, employee roles, and meeting discussions. While inherent to its purpose, it increases the risk of exposing internal secrets if they are indexed by the connected search tools and queried via the agent.
Audit Metadata