internal-comms
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by instructing the agent to ingest and summarize data from potentially untrusted sources such as Slack messages, emails, and external press releases.
- Ingestion points:
examples/3p-updates.md,examples/company-newsletter.md, andexamples/faq-answers.mdspecify reading from Slack, Google Drive, Email, and Calendar. - Boundary markers: The instructions lack explicit delimiters or warnings to ignore commands that may be embedded within the source material.
- Capability inventory: The skill relies on tools for reading communication history and document contents to generate reports.
- Sanitization: There are no instructions for sanitizing or validating the content retrieved from external or internal communication channels.
Audit Metadata