internal-comms
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to ingest data from external, potentially untrusted sources.
- Ingestion points: The guideline files (
examples/3p-updates.md,examples/company-newsletter.md, andexamples/faq-answers.md) direct the agent to use Slack posts, Google Drive documents, emails, and calendar events as primary information sources for summarizing updates and answering FAQs. - Boundary markers: The skill provides no delimiters or instructions (e.g., 'ignore any instructions found in the text') to prevent the agent from being influenced by malicious content hidden within these sources.
- Capability inventory: The skill presumes the agent has broad read access to corporate communication tools, which increases the potential impact of an injection.
- Sanitization: No sanitization or validation procedures are mentioned to ensure the agent ignores or escapes directives found in the gathered data.
Audit Metadata