internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- Data Exposure (LOW): The skill explicitly instructs the agent to search for and process highly sensitive information from organizational tools, including Slack messages, Google Drive documents, Calendar events, and Emails (specifically targeting executive communications). While this behavior is aligned with the skill's primary purpose, it creates a risk of exposing sensitive data if outputs are shared inappropriately.
- Indirect Prompt Injection (LOW): The skill is highly vulnerable to indirect prompt injection due to its reliance on processing untrusted external data.
- Ingestion points: Data is ingested from Slack, Google Drive, Email, and Calendar via
examples/3p-updates.md,examples/company-newsletter.md, andexamples/faq-answers.md. - Boundary markers: Absent. The instructions do not include delimiters or warnings to ignore embedded instructions within the ingested data.
- Capability inventory: The skill relies on the agent's underlying capabilities to read from and summarize content across various enterprise platforms.
- Sanitization: Absent. There is no evidence of filtering or sanitizing the content retrieved from these external sources before it is processed.
Audit Metadata