internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection because its core functionality involves reading and summarizing data from potentially untrusted external sources (Slack, Email, Google Drive). An attacker could insert malicious instructions into these sources to influence the agent's behavior.
- Ingestion points: Slack channels, executive emails, Google Drive documents, and Calendar event descriptions/attachments, as identified in examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md.
- Boundary markers: Absent. The instructions do not include delimiters or specific system-level warnings to disregard instructions found within the retrieved data.
- Capability inventory: The agent is instructed to use tools to read and aggregate internal communications for company-wide distribution. No specific executable code or network-write capabilities are defined within the skill files themselves.
- Sanitization: Absent. There is no instruction to sanitize, escape, or validate the content retrieved from external sources before it is processed by the agent.
Audit Metadata