internal-comms
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for Indirect Prompt Injection due to its reliance on untrusted or shared data sources.
- Ingestion points: The skill instructions in
examples/3p-updates.md,examples/company-newsletter.md, andexamples/faq-answers.mdexplicitly direct the agent to read content from Slack channels, Google Drive documents, Email responses, and external press articles. - Boundary markers: The instructions lack explicit delimiters or guidance for the agent to ignore instructions embedded within the processed data (e.g., a Slack post containing a command to the AI).
- Capability inventory: The agent is empowered to read from these sources and generate structured communications (newsletters, status reports) that are intended for company-wide visibility.
- Sanitization: There is no evidence of sanitization or validation logic to filter out potentially malicious instructional text from the gathered data.
Audit Metadata