notion-knowledge-capture
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it processes untrusted user conversations to create structured records in Notion.
- Ingestion points: The workflow extracts data from the preceding conversation history to populate Notion templates.
- Boundary markers: The prompt instructions do not specify the use of delimiters or 'ignore' instructions for the ingested content to prevent the agent from obeying instructions embedded in the chat.
- Capability inventory: The agent has the ability to search, fetch, create, and update pages in the user's Notion workspace via MCP tools.
- Sanitization: There is no evidence of content sanitization or validation before data is written to the destination database.
- [EXTERNAL_DOWNLOADS]: The skill references an official Notion MCP server at 'https://mcp.notion.com/mcp' for its core operations. This is an official domain for a well-known service and is documented as a safe configuration step for the user.
Audit Metadata