internal-comms
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data from external ingestion points without adequate safety measures.
  - Ingestion points: The skill explicitly instructs the agent to pull information from Slack, Google Drive, Email, and Calendar as defined in examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md.
  - Boundary markers: The instructions lack delimiters or specific directives to treat the retrieved content purely as data, which leaves the agent vulnerable to following instructions embedded within the source material.
  - Capability inventory: The agent's core function is to generate summaries and FAQs for broad internal consumption, meaning that malicious instructions in a source document could be used to distribute misleading information or influence employee actions.
  - Sanitization: There are no sanitization or validation routines included to filter or escape content from external tools before processing.
Audit Metadata