internal-comms
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, DATA_EXFILTRATION, NO_CODE)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill defines a massive ingestion surface for untrusted content from sources like Slack, Email, and Google Drive without any sanitization or delimiters.
  * Ingestion points: Explicitly directed in 3p-updates.md, company-newsletter.md, and faq-answers.md to crawl internal communication channels.
  * Boundary markers: None present in instructions to distinguish between instructions and data.
  * Capability inventory: The skill produces high-visibility content (newsletters, FAQs) that can influence the entire employee base.
  * Sanitization: No filtering or escaping of external content is mentioned.
- [Data Exposure] (MEDIUM): The skill directs the agent to locate and summarize sensitive leadership updates, executive emails, and private project docs, increasing the risk of unauthorized data disclosure in broad-audience summaries.
- [No Code] (INFO): This skill contains no executable scripts, shell commands, or external package dependencies.
Recommendations
- AI detected serious security threats