internal-comms
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is inherently exposed to potential indirect prompt injection because its core function involves summarizing data from external, untrusted sources such as Slack messages, emails, and shared documents. Maliciously crafted content within these sources could theoretically influence the agent's output.
- Ingestion points: Content is pulled from Slack channels, Google Drive documents, email threads, and calendar events as described in the example files.
- Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the ingested data.
- Capability inventory: The skill leverages the agent's read access to internal productivity tools for summarization and report generation.
- Sanitization: No explicit logic is provided for sanitizing or validating the content extracted from internal tools.
- [NO_CODE]: The skill consists exclusively of Markdown documentation and guidelines; it does not include any scripts, binaries, or automated configuration files.
Audit Metadata