notion-automation

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by processing untrusted content from the Notion API.
    • Ingestion points: Content is ingested via tools such as getBlockChildren, queryDatabase, search, and retrieveComments (as described in the SKILL.md documentation and workflows).
    • Boundary markers: No specific boundary markers or instructions are provided to separate retrieved data from the agent's core instructions.
    • Capability inventory: The skill explicitly requests access to high-capability tools including Bash, Read, Write, Edit, Grep, and Glob.
    • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the Notion workspace.
  • [COMMAND_EXECUTION]: The skill allows the use of the Bash tool and direct file system modification (Write, Edit). When combined with the processing of untrusted data from an external Notion workspace, this poses a risk that a malicious user could embed commands in a Notion page that the agent then executes on the local system.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 10:52 AM