internal-comms

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill provides instructions that require the agent to ingest and process data from potentially attacker-influenced or untrusted sources, creating an attack surface for indirect prompt injection.
      • Ingestion points: The skill explicitly directs the agent to gather data from Slack messages, Google Drive documents, company-wide emails, calendar events, and external press releases across multiple guideline files (examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md).
      • Boundary markers: There are no instructions for the agent to use XML tags, triple backticks, or other delimiters to isolate untrusted data, nor are there warnings to ignore instructions found within the processed materials.
      • Capability inventory: The skill utilizes read access to sensitive organizational tools to generate summaries and newsletters. While it does not include direct network or shell access, the generated content is intended for broad internal dissemination.
      • Sanitization: The workflow lacks any requirements for sanitizing, escaping, or validating the information retrieved from external sources before interpolation into the agent's output.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 23, 2026, 10:05 PM