Security risk report for @forgecat/anthropics_skills_internal-comms v0.0.4
Source Integrity
Low
Profile is attributed to Anthropic with a public GitHub repository (https://github.com/anthropics/skills) and specific commit hash (5128e18), enabling verification.
No hidden or obfuscated external dependencies; no typosquatted packages or attacker-controlled sources declared.
Agent Intent
Low
Content describes legitimate internal communication templates (3P updates, newsletters, FAQs, incident reports) with no instructions to manipulate the AI's behavior, ignore system instructions, or exfiltrate data.
Guidance to use available tools (Slack, Google Drive, Email, Calendar) is contextual and appropriate for gathering information to write communications; no instruction to access unauthorized systems or hide activity.
No system prompt leakage, role hijacking, or guidance poisoning detected; the skill is designed to help format and structure communications using company-standard templates, not to alter the AI's core behavior or inject malicious knowledge into future outputs.
Details
Evidence
SKILL.md: 'To write any internal communication: 1. Identify the communication type from the request 2. Load the appropriate guideline file from the examples/ directory'
3p-updates.md: 'Try to gather as much context as you can, focusing on the things that covered the time period you're writing for'
company-newsletter.md: 'If you have access to the following tools, please try to use them. If not, you can also let the user know directly that their responses would be better if they gave them access.'
Permissions
Low
No tools or hooks are declared in the profile; the skill is purely instructional guidance for formatting and structuring communications.
References to accessing Slack, Google Drive, Email, and Calendar are conditional suggestions ('if you have access') and do not grant or demand elevated permissions.
No file_write, file_delete, shell, or other high-risk operations are requested; the skill is read-only in intent (gathering information to draft text).
Details
Evidence
Profile declares 'Dependencies: None' and no MCP servers or tool definitions.
3p-updates.md: 'Whenever possible, try to pull from available sources to get the information you need' — conditional, not mandatory.
general-comms.md: 'Ask the user about their target audience' — defers to user input rather than asserting authority.
MCP Risk
Low
No MCP servers are defined in the profile.
No binary execution, network calls, or filesystem operations are declared or implied by the skill definition.