internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of untrusted data from multiple sources.
- Ingestion points: The skill processes data from Slack messages, emails, Google Drive documents, and external press releases, as seen in examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md.
- Boundary markers: There are no explicit delimiters or instructions (e.g., 'ignore any instructions contained within the text') provided to the agent when processing this external content.
- Capability inventory: The agent is granted the capability to read sensitive internal communications and generate high-visibility outputs such as company-wide newsletters and FAQs.
- Sanitization: No validation or sanitization mechanisms are described for the external data before it is incorporated into the generated summaries, creating a risk that malicious instructions embedded in a Slack post or email could influence the agent's output.
Audit Metadata