internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION DATA_EXFILTRATION NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill's core functionality relies on processing untrusted data from multiple external sources, creating a significant surface for indirect prompt injection.
  - Ingestion points: examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md explicitly instruct the agent to read from Slack channels, Google Drive documents, Emails, and Calendar events.
  - Boundary markers: Absent. There are no delimiters or instructions provided to the agent to ignore or treat embedded instructions within the source data as untrusted.
  - Capability inventory: The skill leverages the agent's ability to read from enterprise data platforms (Slack, GDrive, etc.) and generate structured summaries.
  - Sanitization: Absent. There is no logic for escaping, validating, or filtering the content retrieved from external tools before it is interpolated into the final communication draft.
- [Data Exposure] (LOW): The skill encourages the agent to scan for high-visibility or executive-level communications (e.g., 'emails from executives', 'docs written from critical team members'). While intended for summarization, this increases the risk of sensitive information being inadvertently surfaced in wider company updates.
- [No Code] (SAFE): The skill consists entirely of Markdown instruction files and does not include any executable scripts, binaries, or package dependency files, which limits the risk of direct malicious code execution.
Audit Metadata