internal-comms
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes content from untrusted internal and external sources, which could contain malicious instructions designed to manipulate the agent's output.\n- Ingestion points: Data is ingested from Slack, Google Drive, email, calendar events, and external press articles as specified in
examples/3p-updates.md,examples/company-newsletter.md, andexamples/faq-answers.md.\n- Boundary markers: The instructions lack delimiters or directions for the agent to ignore instructions found within the sourced content.\n- Capability inventory: The skill's primary function is text generation and summarization; no code execution, system commands, or file-writing capabilities are present in the provided files.\n- Sanitization: There is no evidence of sanitization, validation, or filtering of the content retrieved from external sources.
Audit Metadata