internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill explicitly instructs the agent to ingest and summarize data from untrusted multi-user sources, which is a primary vector for indirect prompt injection.
- Ingestion points:
examples/3p-updates.md,examples/company-newsletter.md, andexamples/faq-answers.mdtell the agent to search Slack channels (prioritizing high-engagement posts), emails, and Google Drive documents. - Boundary markers: Absent; there are no instructions to treat retrieved content strictly as data or to ignore embedded commands.
- Capability inventory: The skill contains no executable code but leverages the agent's built-in tools for reading internal data.
- Sanitization: Absent; no guidance is provided to the agent for validating or filtering content retrieved from external sources before inclusion in communication drafts.
Audit Metadata