communications-manager
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via external data sources.
- Ingestion points: The 'ingestion_protocol' section in SKILL.md specifies fetching 'internal events (commits, releases) and community messages simultaneously' which are untrusted external inputs.
- Boundary markers: The skill lacks any definition of delimiters or instructions to ignore embedded commands within ingested data.
- Capability inventory: The skill produces content for Twitter, LinkedIn, Discord, and Mintlify documentation with the explicit instruction that content must be formatted for 'immediate publication without human editing.'
- Sanitization: There are no provisions for sanitizing, escaping, or validating the ingested content against malicious instructions.
- [NO_CODE]: This skill consists entirely of markdown instructions (SKILL.md) and does not include any scripts, binaries, or configuration files that execute code.
Audit Metadata