internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection (Category 8). It instructs the agent to gather information from internal communication tools (Slack, Email, Google Drive, Calendar) which are populated by other users. This creates a surface where malicious instructions embedded in a document or message could be processed and followed by the agent during the generation of newsletters or updates.\n
- Ingestion points: Slack channels, Google Drive documents, Email threads, and Calendar event descriptions as specified in
examples/3p-updates.md,examples/company-newsletter.md, andexamples/faq-answers.md.\n - Boundary markers: Absent. The instructions do not define delimiters or provide 'ignore embedded instructions' warnings for the data being processed.\n
- Capability inventory: The skill utilizes text processing and summarization; while it does not contain shell-level execution code, it leverages the agent's tool access to sensitive internal data.\n
- Sanitization: Absent. There is no guidance for the agent to sanitize or validate the content retrieved from external tools before it is interpolated into the final output.\n- No Code (SAFE): The skill consists exclusively of Markdown documentation. No scripts, binaries, or configuration files for package managers were detected.
Audit Metadata