internal-comms
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to perform extensive searches across sensitive corporate data repositories.
- Instructions in
examples/3p-updates.md,examples/company-newsletter.md, andexamples/faq-answers.mdguide the agent to read Slack threads, emails, and calendar events. - It specifically targets communications from executives and documents with high engagement, which may contain proprietary or confidential information.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from multiple users.
- Ingestion points: External data enters the context through Slack messages, emails, and shared documents specified in the example guideline files.
- Boundary markers: The skill lacks instructions for the agent to use delimiters or specific ignore-rules for content found in the ingested data.
- Capability inventory: The agent uses the analyzed data to generate text for newsletters, FAQs, and status updates, which could be manipulated by an attacker who places malicious instructions in a Slack channel or document.
- Sanitization: There is no mention of sanitizing or filtering the content retrieved from external tools before it is processed.
Audit Metadata