notion-markdown-conversion
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes external, potentially untrusted data from Notion databases and pages which could contain malicious instructions.
- Ingestion points: Notion page and database content retrieved via
mcp__Notion__notion-fetchandmcp__Notion__notion-search. - Boundary markers: The skill lacks explicit instructions to treat Notion content as untrusted or to use delimiters to prevent instruction leakage.
- Capability inventory: The skill uses
WriteandReadtools for local filesystem access and Notion tools for data retrieval. - Sanitization: No sanitization of the Notion-flavored Markdown is performed before processing or displaying the content.
- [Data Exposure] (SAFE): While the skill accesses Notion metadata (authors, IDs, timestamps), this behavior is consistent with the primary purpose of exporting documentation. No unauthorized exfiltration to external domains was found.
- [External Downloads] (SAFE): No remote scripts, package installations, or unverifiable dependencies are referenced.
Audit Metadata