internal-comms

Pass

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of processing untrusted external data.
      • Ingestion points: The skill explicitly instructs the agent to gather content from Slack posts, emails, Google Drive documents, and external press articles, as seen in examples/3p-updates.md, examples/company-newsletter.md, and examples/faq-answers.md.
      • Boundary markers: No boundary markers or instructions to ignore embedded commands are present to protect the prompt context when interpolating external data.
      • Capability inventory: The skill utilizes read capabilities for communication and document tools. While no high-risk execution tools (like shell access) are explicitly invoked in the skill files, the ingested content directly shapes the agent's output.
      • Sanitization: There is no evidence of sanitization, filtering, or validation of the content retrieved from external sources before it is processed by the agent.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 26, 2026, 01:10 PM