internal-comms

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructs the agent to perform extensive searches across sensitive corporate data repositories.
  • Instructions in examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md guide the agent to read Slack threads, emails, and calendar events.
  • It specifically targets communications from executives and documents with high engagement, which may contain proprietary or confidential information.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from multiple users.
  • Ingestion points: External data enters the context through Slack messages, emails, and shared documents specified in the example guideline files.
  • Boundary markers: The skill lacks instructions for the agent to use delimiters or specific ignore-rules for content found in the ingested data.
  • Capability inventory: The agent uses the analyzed data to generate text for newsletters, FAQs, and status updates, which could be manipulated by an attacker who places malicious instructions in a Slack channel or document.
  • Sanitization: There is no mention of sanitizing or filtering the content retrieved from external tools before it is processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — internal-comms