internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [Prompt Injection] (LOW): Indirect Prompt Injection Surface. The skill's primary function is to process untrusted data from external sources (Slack, Google Drive, Email, Calendar) and summarize it for company-wide distribution.
- Ingestion points: Found in
examples/3p-updates.md,examples/company-newsletter.md, andexamples/faq-answers.md, which instruct the agent to read from team communication tools. - Boundary markers: Absent. There are no instructions to use delimiters or to disregard instructions embedded within the source documents or messages.
- Capability inventory: The skill has broad read access to enterprise data and generates high-visibility internal communications, providing a vector for an attacker to spread malicious instructions via a Slack message or shared document.
- Sanitization: Absent. No filtering or validation logic is specified for the content retrieved from external tools.
- [Data Exposure & Exfiltration] (LOW): The instructions command the agent to search through sensitive personal and company data (Emails, Slack DM reactions, private Calendar events). While this facilitates the skill's purpose, it increases the risk of sensitive data being surfaced in unintended contexts if the agent is confused by conflicting instructions.
Audit Metadata