notion-research-documentation
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill processes content fetched from external Notion pages, creating a surface for indirect prompt injection. Malicious instructions within a processed page could attempt to hijack the agent's behavior during synthesis or report generation.
  - Ingestion points: The skill utilizes `Notion:notion-fetch` to retrieve content from arbitrary Notion pages as part of its core workflow.
  - Capability inventory: The skill has the capability to search, fetch, create, and update pages within the connected Notion workspace.
  - Boundary markers: There are no explicit instructions or delimiters defined to isolate fetched content from the agent's internal reasoning or system instructions.
  - Sanitization: No sanitization or validation logic is defined for the fetched Notion content before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill configuration and setup instructions reference a remote Notion MCP server.
  - Evidence: `SKILL.md` and `agents/openai.yaml` reference `https://mcp.notion.com/mcp` as the MCP server URL.
  - Context: The referenced URL targets the official Notion domain, which is a well-known and trusted service provider for the skill's intended functionality.
Audit Metadata