internal-comms
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) due to its design of ingesting and summarizing data from potentially untrusted external sources.
- Ingestion points: The workflow in examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md explicitly instructs the agent to gather information from Slack threads, emails, Google Drive documents, and external press materials.
- Boundary markers: The instructions lack delimiters or specific warnings to ignore embedded commands, which may cause the agent to accidentally follow instructions found within the summarized data.
- Capability inventory: The skill possesses the ability to read sensitive company communications and generate output for distribution across internal channels (Slack, Email), creating a path for manipulated content to reach a wide audience.
- Sanitization: No logic is present for sanitizing, escaping, or validating the input data before it is processed into the final communication format.