notion-spec-to-implementation
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes external content fetched from Notion pages using the Notion:notion-fetch tool, which creates an indirect prompt injection surface. A maliciously crafted specification could attempt to influence the agent's behavior during the plan or task generation phase.
  - Ingestion points: Specification data is ingested in SKILL.md and reference/spec-parsing.md for requirements extraction.
  - Boundary markers: While the templates use structural headers (e.g., '## Requirements'), there are no explicit 'ignore embedded instructions' delimiters provided in the prompt logic to mitigate adversarial content within the specs.
  - Capability inventory: The skill has the capability to create and update Notion pages (Notion:notion-create-pages, Notion:notion-update-page), allowing it to modify the user's workspace based on the parsed input.
  - Sanitization: No specific text sanitization or filtering logic is present for the fetched specification content.
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs users to connect to the official Notion MCP server at https://mcp.notion.com/mcp. This is a well-known service provided by the vendor (Notion Labs, Inc.) and is categorized as a safe, trusted dependency for the skill's intended functionality.
Audit Metadata