internal-comms
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill is designed to process untrusted data from multiple external sources, creating a significant vulnerability to indirect prompt injection.
- Ingestion points: In examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md, the agent is instructed to pull information from Slack, Google Drive, and Email.
- Boundary markers: The skill lacks any instructions to use delimiters (like triple quotes or XML tags) or to ignore instructions embedded within the retrieved data.
- Capability inventory: While the skill does not execute system commands, it generates content for trusted internal channels such as company newsletters and FAQs. A malicious actor could inject instructions into a Slack message that the agent then follows (e.g., including phishing links or misinformation in the newsletter).
- Sanitization: There are no mechanisms described to sanitize or filter the content gathered from external sources before it is processed by the model.
Audit Metadata