internal-comms

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • Prompt Injection (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it instructs the AI to process content from potentially untrusted or attacker-controllable sources.
      • Ingestion points: The skill directs the agent to read from Slack messages, Google Drive documents, Emails, Calendar events, and External press articles (specified in 3p-updates.md, company-newsletter.md, and faq-answers.md).
      • Boundary markers: Absent. There are no instructions to use delimiters or to disregard instructions found within the gathered content.
      • Capability inventory: While the skill contains no executable code, it encourages the use of tools to read sensitive data and generate widely distributed company-wide communications.
      • Sanitization: Absent. No filtering or validation logic is provided to ensure that external content is safe before being summarized or formatted.
  • Data Exfiltration (LOW): Although no exfiltration code is present, the skill's reliance on reading sensitive internal data combined with the lack of sanitization creates a risk where an attacker could exploit the agent to leak internal information via the generated reports or newsletters.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:02 PM