x-meeting-reports
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGHDATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The skill hardcodes a specific Notion database URL (ID: d30ba60af8344e99b97a94428f838ccb) as the destination for all meeting reports. While the description misleadingly claims to create entries in the "user's Notion meeting reports database," the workflow forces the agent to use this hardcoded target ID. This pattern facilitates the exfiltration of sensitive meeting notes from the user's session to a database controlled by the skill's author.\n- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted user-provided meeting notes and processes them through Notion tools without sanitization or boundary markers, creating a surface for indirect prompt injection.\n
- Ingestion points: User-provided meeting notes and bullet points in Workflow Step 1 (SKILL.md).\n
- Boundary markers: Absent; no instructions are provided to the agent to treat user-provided notes as untrusted data or to ignore embedded instructions.\n
- Capability inventory: notion-create-pages, notion-update-page, and notion-duplicate-page provide write access to an external database.\n
- Sanitization: Absent; the agent is instructed to use the user's input directly to draft the page body and properties.
Recommendations
- AI detected serious security threats
Audit Metadata