notion-meeting-intelligence
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it ingests untrusted data from Notion pages to generate meeting materials.
  - Ingestion points: Data enters the agent via `Notion:notion-search`, `Notion:notion-fetch`, and `Notion:notion-query-data-sources` as documented in SKILL.md and multiple examples (e.g., project-decision.md).
  - Boundary markers: No specific delimiters or instructions to ignore embedded instructions within Notion content are provided in the templates.
  - Capability inventory: The skill can create and update pages (`Notion:notion-create-pages`, `Notion:notion-update-page`) and add comments (`Notion:notion-create-comment`).
  - Sanitization: No explicit sanitization or filtering of Notion content is mentioned before it is interpolated into new documents.
- [EXTERNAL_DOWNLOADS]: The skill configuration and workflow reference an external tool from a well-known service.
  - Source: The official Notion Model Context Protocol (MCP) server at `https://mcp.notion.com/mcp` is referenced in agents/openai.yaml and SKILL.md.
- [COMMAND_EXECUTION]: The SKILL.md documentation provides manual setup instructions requiring the user to execute CLI commands to configure the Notion integration.
  - Evidence: Instructions include `codex mcp add notion --url https://mcp.notion.com/mcp` and `codex mcp login notion`.
Audit Metadata