internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill exhibits a significant attack surface for indirect prompt injection by instructing the agent to ingest and summarize data from internal communication platforms where content may be controlled or influenced by malicious actors.
- Ingestion points: Data is ingested from Slack, Google Drive, Email, and Calendar as specified in
examples/3p-updates.md,examples/company-newsletter.md, andexamples/faq-answers.md. - Boundary markers: Absent. The skill does not provide delimiters or instructions to the agent to disregard instructions embedded within the retrieved data.
- Capability inventory: The agent utilizes tool-based read access to aggregate information for text generation.
- Sanitization: Absent. There is no mention of filtering or validating the content retrieved from external tools before processing.
- Data Exposure Surface (SAFE): The skill is designed to process sensitive internal data (emails, docs, Slack). While it does not contain exfiltration code (e.g., curl/wget to external domains), the aggregation of this data into summaries increases the potential impact if the agent's output is subsequently leaked or misdirected.
Audit Metadata