Skills
skills/ajbcoding/claude-skill-eval/moai-domain-notion/Gen Agent Trust Hub

moai-domain-notion

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of ingesting and processing untrusted data.
  • Ingestion points: The skill retrieves data from Notion databases, pages, and external web sources using the Read, WebFetch, and mcp__context7__get-library-docs tools.
  • Boundary markers: There are no specific delimiters or instructions provided to the agent to distinguish between its core logic and instructions that might be embedded within the retrieved content.
  • Capability inventory: The agent has high-privilege capabilities including Bash command execution and the ability to perform bulk write/delete operations on Notion workspaces.
  • Sanitization: No sanitization, validation, or filtering of the content retrieved from external sources or Notion is described.
  • [COMMAND_EXECUTION]: The skill requests and utilizes the Bash tool, intended for executing Notion CLI commands. While necessary for the stated functionality, providing an agent with shell access is a significant capability that should be monitored for misuse.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 01:06 AM