internal-comms
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill directs the AI to ingest content from untrusted external sources (Slack channels, emails, shared documents) without any sanitization or boundary markers. * Ingestion Points: Specified in examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md. * Boundary Markers: Absent; the agent is not instructed to ignore or delimit instructions found within the data. * Capability Inventory: The agent generates high-impact communications like leadership updates and company-wide newsletters. * Sanitization: Absent; the skill lacks any logic to filter or escape malicious instructions embedded in the source text.
- [Data Exposure] (MEDIUM): The skill is designed to aggregate potentially sensitive information from private or semi-private channels into broad summaries, increasing the risk of over-sharing confidential data to unauthorized audiences.
Recommendations
- AI detected serious security threats
Audit Metadata