Skills
skills/aws-samples/sample-strands-agent-with-agentcore/notion/Gen Agent Trust Hub

notion

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It retrieves data from Notion pages (e.g., via notion_fetch) and uses that data to perform further actions like creating reports or updating tasks. If a Notion page contains hidden instructions masquerading as data, the agent may inadvertently follow them.
  • Ingestion points: Content is retrieved in SKILL.md using notion_fetch and notion_search tools.
  • Boundary markers: The instructions do not define delimiters or specific warnings to help the agent distinguish between system instructions and the data retrieved from external Notion pages.
  • Capability inventory: The skill includes tools that can modify or create resources (notion_create_page, notion_update_page, notion_append_blocks, notion_update_block) which could be misused if an injection occurs.
  • Sanitization: There are no documented procedures for sanitizing or validating the content fetched from Notion before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 24, 2026, 02:12 PM