internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): Evidence Chain: (1) Ingestion points: Untrusted user input is processed alongside files in the examples/ directory defined in SKILL.md. (2) Boundary markers: Absent. (3) Capability inventory: No subprocess calls, exec/eval, file-write, or network operations are present across the skill (capability is display-only). (4) Sanitization: Absent. The risk is limited to the agent potentially following instructions embedded in documents it is asked to summarize or format.
- [No Code] (INFO): Analysis of the skill reveals only markdown instructions. No Python, Node.js, or shell scripts are included.
- [Data Exposure] (SAFE): The skill does not reference or attempt to access sensitive paths (e.g., ~/.ssh, .env) or hardcoded credentials.
Audit Metadata