internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): High vulnerability to indirect prompt injection. The skill explicitly instructs the agent to ingest data from external or multi-user sources such as Slack channels, Google Drive documents, and "external press" (websites). These sources can be controlled by third parties or malicious internal actors, and the skill lacks boundary markers or specific instructions to ignore embedded commands within the processed data.
- [DATA_EXFILTRATION] (LOW): Significant data exposure surface. The core workflow involves the agent accessing and summarizing highly sensitive internal business communications, including executive emails, non-recurring calendar meetings, and private documents. While no exfiltration commands were detected, the instructions encourage processing high-value corporate data which increases the potential impact of a successful exploit.
- [NO_CODE] (SAFE): The skill consists entirely of markdown instruction files and does not include any executable scripts, binary files, or external package dependencies.
Audit Metadata