internal-comms
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It is designed to ingest and summarize large volumes of untrusted data from Slack channels, emails, and shared documents.
- Ingestion points: The skill actively searches Slack messages (specifically looking for high engagement/reactions), Google Drive documents, and company-wide emails to generate 3P updates, newsletters, and FAQs (as defined in
examples/3p-updates.md,examples/company-newsletter.md, andexamples/faq-answers.md). - Boundary markers: The instructions do not define clear delimiters (e.g., XML tags) or specific 'ignore embedded instructions' warnings when processing this external context.
- Capability inventory: The skill has read-access to sensitive communication platforms and produces structured output that could influence company-wide information flow. While it does not appear to execute code or perform network operations, the generated content is intended for wide internal distribution.
- Sanitization: There is no explicit instruction to the agent to sanitize or validate the content found in these third-party sources for malicious instructions aimed at overriding the agent's behavior during the drafting process.
Audit Metadata