internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and summarize data from untrusted external sources including Slack, Email, and Google Drive, presenting a significant surface for indirect prompt injection. * Ingestion points: Identified in
examples/3p-updates.md,examples/company-newsletter.md, andexamples/faq-answers.md(Slack messages, Email content, Google Drive documents, and External press). * Boundary markers: Absent. The skill instructions do not provide the agent with delimiters or specific commands to distinguish between source data and potential malicious instructions. * Capability inventory: The agent is directed to use tools for Slack, Google Drive, Email, and Calendar access. * Sanitization: Absent. There is no mention of technical filtering, validation, or escaping of external content before it is processed. - [Data Exposure] (LOW): By scanning sensitive organizational data, the skill increases the risk of the agent leaking sensitive information if prompted maliciously via indirect injection.
Audit Metadata