notion-automation
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains potential surfaces for indirect prompt injection in its automation workflows.
  - Ingestion points: Untrusted data is ingested from external sources including Typeform/Google Form submissions, Slack messages, and GitHub issue content within the 'Core Workflows' section of SKILL.md.
  - Boundary markers: The workflow templates use no specific delimiters and give the agent no instruction to treat external data as untrusted content.
  - Capability inventory: The skill leverages MCP tools (notion_create_page, notion_update_database, notion_query) to interact with databases and mentions capabilities for sending emails and posting to Slack.
  - Sanitization: No explicit data sanitization, escaping, or validation steps are defined in the workflows prior to data interpolation into Notion properties or notification messages.