skills/nymbo/skills/internal-comms/Gen Agent Trust Hub

internal-comms

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill instructs the agent to gather information from sources that can be controlled by third parties or other employees (Slack, Google Drive, Email, and External Press) to generate communications. This creates a surface for indirect prompt injection attacks.
      • Ingestion points: Guidelines in examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md direct the agent to read Slack messages, emails, and external news articles.
      • Boundary markers: None identified; the instructions do not specify the use of delimiters or 'ignore' instructions for the data being processed.
      • Capability inventory: The agent uses its data-retrieval and summarization capabilities to create widely-distributed content like newsletters and FAQs.
      • Sanitization: The instructions lack any requirement for the agent to sanitize or validate the content gathered from external sources.
  • No Code (SAFE): The skill consists solely of Markdown documentation and does not include any scripts, executable files, or package dependency manifests.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:23 PM