internal-comms-anthropic
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to process content from third-party-controlled sources like Slack, Email, and Google Drive.
- Ingestion points: The files examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md instruct the agent to gather information from Slack, Google Drive, Email, and Calendar.
- Boundary markers: There are no instructions to use delimiters (e.g., XML tags or hashes) or specific directives to ignore potential commands embedded in the source data.
- Capability inventory: The agent acts as a summarizer and drafter of communications based on the gathered data, which could be influenced by adversarial instructions in the input.
- Sanitization: No methods for validating or sanitizing the content retrieved from external tools are mentioned.
- [NO_CODE]: This skill consists entirely of Markdown prompt engineering and configuration; it does not contain any executable scripts (Python, JavaScript, etc.), which significantly reduces the risk of direct malicious actions.
Audit Metadata