internal-comms
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | PROMPT_INJECTION | NO_CODE
Full Analysis
- [Prompt Injection] (HIGH): The skill is vulnerable to Indirect Prompt Injection as it lacks safeguards when processing untrusted data from multiple sources.
  * Ingestion points: The agent reads content from Slack channels, Emails, Google Drive documents, and External Press (referenced in examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md).
  * Boundary markers: Absent. There are no instructions to use delimiters or ignore instructions embedded within the source data.
  * Capability inventory: The skill is designed to draft communications for company-wide distribution (1000+ people), creating a high-impact channel for injected malicious content.
  * Sanitization: Absent. There is no requirement to filter or escape content retrieved from external tools.
- [Data Exposure] (MEDIUM): The skill is specifically designed to aggregate and summarize high-sensitivity data (executive emails, vision documents, and Slack announcements). This centralizes sensitive information and potentially exposes it to a wider internal audience than originally intended if the agent's summarization is not strictly constrained.
Recommendations
- AI detected serious security threats
Audit Metadata