internal-comms
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from multiple internal communication channels.
- Ingestion points: Instructions in
examples/3p-updates.md,examples/company-newsletter.md, andexamples/faq-answers.mddirect the agent to read content from Slack channels, Google Drive documents, Emails, and Calendar events. - Boundary markers: No boundary markers or specific delimiters are provided to the agent to distinguish between legitimate communication data and potentially malicious instructions embedded within those sources.
- Capability inventory: The skill contains no executable code, but it has broad read access to organizational data silos. The resulting output is presented directly to the user.
- Sanitization: No sanitization or validation logic is defined to filter or escape the content retrieved from external tools before it is processed into templates.
- [NO_CODE]: The skill consists entirely of instructional Markdown files and does not contain any scripts, executables, or code-based logic.
Audit Metadata