internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its data ingestion workflows.
  - Ingestion points: The skill instructs the agent to read from Slack channels, Google Drive documents, company emails, calendars, and external press articles to generate newsletters and updates (found in examples/3p-updates.md and examples/company-newsletter.md).
  - Boundary markers: Absent. There are no explicit instructions for the agent to use delimiters or to disregard embedded commands within the ingested data.
  - Capability inventory: The skill does not include any scripts or code-based tools, but it leverages the agent's ability to read potentially untrusted content and output it to users.
  - Sanitization: Absent. No explicit validation or filtering of ingested content is requested.
- [NO_CODE]: This skill contains only Markdown documentation and prompt guidelines. No executable code, such as Python scripts or Node.js modules, is present in the analyzed files.
Audit Metadata