internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The instructions in 'examples/3p-updates.md', 'examples/company-newsletter.md', and 'examples/faq-answers.md' direct the agent to ingest and summarize content from multi-user platforms (Slack, Email, Drive) and external web sources. This exposure allows for instructions embedded in such content to potentially hijack the agent's output.
- Ingestion points: Slack, Google Drive, Email, and External Press as specified in the 'Tools' sections of the example files.
- Boundary markers: Absent; there are no instructions for the agent to use delimiters or to ignore commands found within the retrieved data.
- Capability inventory: The agent possesses capabilities for data retrieval via tools, summarization of external content, and generation of formatted reports.
- Sanitization: Absent; the skill does not specify any validation or filtering of the external data before it is processed.
Audit Metadata