weekly-intel-digest
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from shared environments.
- Ingestion points: Untrusted data enters the agent context via message history from five shared Slack channels (#feed-swyft-meetings, #feed-swyft-customer-quotes, #feed-competitor-feedback, #feed-swyft-churn-risks, and #feed-twitter) and via DM responses from internal bots (tiger-analytics and eon).
- Boundary markers: The skill lacks explicit boundary markers or delimiters to isolate untrusted data, increasing the risk that malicious instructions embedded in Slack messages could influence the agent's behavior.
- Capability inventory: The skill has the capability to search all public and private Slack channels (
slack_search_public_and_private), access the current user's profile (slack_read_user_profile), and send direct messages (slack_send_message). - Sanitization: There is no evidence of content sanitization or validation performed on the ingested Slack data before it is processed and summarized.
Audit Metadata