internal-comms
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to ingest and summarize data from untrusted internal sources, creating a surface for indirect prompt injection.
- Ingestion points: Content is retrieved from Slack, Google Drive, Email, and Calendars as defined in guideline files like examples/3p-updates.md and examples/faq-answers.md.
- Boundary markers: There are no instructions for the agent to use delimiters or 'ignore embedded instructions' warnings when processing this external content.
- Capability inventory: The skill utilizes tools to read communications and then produces formatted summaries based on that data.
- Sanitization: The instructions do not include any methods for escaping, validating, or filtering the retrieved information before it is processed by the agent.
Audit Metadata