internal-comms

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection due to its reliance on external, untrusted data sources.
  • Ingestion points: The skill explicitly instructs the agent to read from Slack (channels and threads), Email, Google Drive documents, and External News (referenced in examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md).
  • Boundary markers: There are no instructions or system delimiters provided to help the agent distinguish between the skill's instructions and the content of the data it is processing. It lacks 'ignore embedded instructions' warnings.
  • Capability inventory: While the skill itself does not contain executable code, its outputs are high-impact. It generates content for 'Company Newsletters' (sent to 1000+ people), 'Leadership Updates', and 'FAQ' documents. An attacker could use a Slack post or email to inject instructions that the agent then propagates to the entire organization.
  • Sanitization: There is no evidence of filtering, validation, or sanitization of the content retrieved from these external tools before it is formatted into the final communication pieces.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:48 AM