internal-comms
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTIONNO_CODE
Full Analysis
- Data Exposure & Exfiltration (MEDIUM): The skill instructions (found in examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md) explicitly direct the agent to retrieve and summarize information from highly sensitive internal sources including Slack channels, Google Drive documents, and private emails. This exposes broad organizational data to the model context. The severity is downgraded to MEDIUM because this access is fundamental to the skill's primary purpose.\n- Indirect Prompt Injection (LOW): The skill processes data from sources that can be manipulated by other users or external entities (Slack messages, shared documents, and external press). It lacks any boundary markers or instructions to sanitize content, allowing for potential manipulation of the agent's output via instructions embedded in those sources.\n
- Ingestion points: Slack channels, Email threads, and Google Drive documents (as specified in all example files).\n
- Boundary markers: Absent. No delimiters or instructions to ignore embedded prompts are provided in the guideline files.\n
- Capability inventory: The skill performs text summarization and formatting. It does not contain any script execution, system-level commands, or direct network exfiltration capabilities in the provided files.\n
- Sanitization: Absent. There is no guidance on filtering or escaping the data ingested from external or internal sources.
Audit Metadata