internal-comms
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from multiple internal sources without adequate safeguards.
- Ingestion points: Guidelines in examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md instruct the agent to fetch data from Slack, Google Drive, Email, and Calendar events.
- Boundary markers: The instructions lack delimiters or explicit directives to ignore embedded instructions within the source material.
- Capability inventory: The skill facilitates access to sensitive corporate communication channels to generate summaries.
- Sanitization: No methods for escaping or validating retrieved content are specified, creating a risk that malicious input could hijack the agent's behavior during the summarization process.
Audit Metadata