internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill instructions create an attack surface by directing the agent to ingest and summarize data from sources that can be influenced by third parties.
  1. Ingestion points: The files examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md all instruct the agent to read from Slack messages, Google Drive documents, Emails, and Calendar events.
  2. Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present in the prompts to help the agent distinguish between its instructions and the data being processed.
  3. Capability inventory: The agent reads extensive internal communications and generates summaries for distribution, creating a risk of propagating malicious instructions or links found in those sources.
  4. Sanitization: No sanitization or validation of the retrieved content is mentioned in the workflow.
- Data Exposure (SAFE): While the skill accesses sensitive internal data stores, this is consistent with its primary stated purpose. No patterns for unauthorized exfiltration or hardcoded credentials were detected.