internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to Indirect Prompt Injection due to its reliance on external data ingestion.
- Ingestion points: examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md instruct the agent to pull data from Slack, Google Drive, Email, Calendar, and External Press.
- Boundary markers: The skill lacks any instructions for the agent to use delimiters or ignore potentially malicious instructions embedded within the retrieved messages or documents.
- Capability inventory: The agent has the capability to read across various sensitive enterprise communication channels and summarize them into new documents.
- Sanitization: There is no instruction for the agent to sanitize, escape, or validate the content retrieved from untrusted sources (especially Slack and External Press) before including it in drafts.
Audit Metadata