search-skill-database
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes multiple local Python scripts (check_notion_config.py, setup_notion.py, query_db.py) located in a parent directory (../../notion-master/). While common for local tools, this assumes a specific environment structure.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill workflow includes a step to 'import' and install further skills into the environment based on IDs retrieved from an external Notion database. If the Notion database is compromised or contains entries pointing to malicious content, the agent may download and execute untrusted code.
- [CREDENTIALS_UNSAFE] (LOW): The skill documentation explicitly references and depends on sensitive environment variables such as NOTION_API_KEY and NOTION_SKILLS_DB_ID stored in a .env file. While it does not hardcode these secrets, it confirms their use and location.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted data from an external database and uses it to drive agent behavior.
  - Ingestion points: Skill names, descriptions, and metadata returned by query_db.py.
  - Boundary markers: None identified; the agent displays the raw results to the user.
  - Capability inventory: Ability to execute local scripts and trigger follow-up installation skills (import-skill-to-nexus).
  - Sanitization: No evidence of sanitization for the external data before it is presented to the user or passed to the next skill.