Skills
skills/davekilleen/dex/anthropic-internal-comms/Gen Agent Trust Hub

anthropic-internal-comms

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core workflow of processing untrusted external data.
  • Ingestion points: Instructions in examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md direct the agent to gather information from Slack messages, Google Drive documents, emails, and calendar events.
  • Boundary markers: The skill does not provide delimiters or instructions to ignore embedded commands within the fetched data, which could allow an attacker (e.g., another employee) to influence the agent's task via a malicious Slack post or document.
  • Capability inventory: The skill explicitly utilizes tools with read access to the organization's communication and document storage infrastructure.
  • Sanitization: There are no guidelines for sanitizing, validating, or escaping the retrieved content before it is processed by the agent.
  • [NO_CODE]: The skill contains only instructional markdown and license files, with no accompanying executable code scripts (Python, JavaScript, or Shell).
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 07:15 PM
Security Audit — agent-trust-hub — anthropic-internal-comms