internal-comms

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, NO_CODE
Full Analysis
  • [Prompt Injection] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its core design of processing untrusted internal communications.
    - Ingestion points: The skill actively searches Slack messages, Google Drive documents, Emails, and Calendar events to gather content for summaries (specified in examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md).
    - Boundary markers: Absent. There are no instructions provided to use delimiters or ignore embedded instructions within the ingested data.
    - Capability inventory: The agent has permissions to read across sensitive internal platforms and generate summarized outputs for distribution to company-wide audiences.
    - Sanitization: Absent. No validation, escaping, or filtering of external/internal content is mentioned before it is interpolated into the final communication.
  • [Data Exfiltration] (LOW): The skill directs the agent to access sensitive internal data sources. While it lacks hardcoded exfiltration commands, the broad nature of the data accessed and the potential for the generated output to be distributed company-wide creates a risk of unauthorized information exposure if the agent's summarization process is manipulated by malicious content within the source data.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:49 PM