internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): High surface area for Indirect Prompt Injection through automated data ingestion.
- Ingestion points: The skill instructions in
examples/3p-updates.md,examples/company-newsletter.md, andexamples/faq-answers.mddirect the agent to fetch and process data from Slack channels, Google Drive docs, Email threads, and "External press" sources. - Boundary markers: Absent. The skill lacks explicit instructions or delimiters to help the agent distinguish between legitimate data and potential instructions embedded within those data sources.
- Capability inventory: The agent has the capability to read extensive internal data and generate summarized outputs (newsletters, FAQs) that are intended for wide internal distribution.
- Sanitization: Absent. There is no guidance to sanitize or ignore instructions found within the ingested content, increasing the risk that a malicious Slack post or Document could hijack the agent's persona or output content.
Audit Metadata