internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of ingesting and summarizing untrusted data from multiple external channels. * Ingestion points: Files examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md instruct the agent to retrieve and process data from Slack, Google Drive, Email, Calendar, and external press. * Boundary markers: None. The instructions do not specify the use of delimiters (e.g., XML tags or triple quotes) or system-level warnings to distinguish between the skill's primary instructions and the untrusted content retrieved from external sources. * Capability inventory: The skill contains no executable scripts (Python/Node.js). It relies on the host agent's native tool capabilities to read from corporate APIs and external websites. * Sanitization: None. There are no instructions provided to the agent to escape, filter, or validate the content retrieved from external sources before processing it.
- [NO_CODE]: The skill consists entirely of Markdown instruction files and does not include any executable scripts, binaries, or configuration files that trigger command execution or dynamic code evaluation.
Audit Metadata