internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its reliance on processing data from potentially untrusted or attacker-controllable sources.
- Ingestion points: The instructions in
examples/3p-updates.md,examples/company-newsletter.md, andexamples/faq-answers.mddirect the agent to read and summarize content from Slack messages, Google Drive documents, corporate emails, and external press releases. - Boundary markers: The guidelines lack explicit delimiters or instructions for the agent to treat ingested data as untrusted or to ignore embedded instructions.
- Capability inventory: The prompts encourage the agent to use environment tools for Slack, Google Drive, Email, and Calendar access.
- Sanitization: There are no requirements or instructions to sanitize or validate the content retrieved from these external sources before processing.
Audit Metadata