internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is highly susceptible to indirect prompt injection because it is designed to ingest and summarize untrusted data from various corporate communication channels without sanitization or boundary markers. An attacker with access to internal Slack channels or email could potentially influence the agent's output by including hidden instructions in their messages.
- Ingestion points:
examples/3p-updates.md,examples/company-newsletter.md, andexamples/faq-answers.mdspecify reading from Slack, Email, and Google Drive. - Boundary markers: Absent. There are no instructions for the agent to ignore or delimit embedded instructions within the source material.
- Capability inventory: Read and search access to internal messaging and document storage tools.
- Sanitization: Absent. The skill does not provide methods for escaping or validating the content pulled from external tools.
- [Data Exposure] (LOW): The skill actively targets high-sensitivity internal information, such as executive emails and company-wide vision documents. While this is the intended purpose of the 'internal-comms' skill, it creates a risk surface for data leakage if the generated summaries are shared outside of appropriate access control boundaries.
Audit Metadata