internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process data from various untrusted internal sources, which is a significant vulnerability surface for indirect prompt injection.
- Ingestion points: examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md specify reading from Slack, Google Drive, Email, and Calendar.
- Boundary markers: Absent. The instructions do not define delimiters or provide warnings to ignore commands within processed content.
- Capability inventory: While no scripts are provided, the skill directs the agent to read sensitive enterprise data and to draft/send communications, which establishes a pathway for potential manipulation via malicious data.
- Sanitization: Absent. There is no instruction to escape, validate, or filter the content retrieved from these external tools.
Audit Metadata