notion-knowledge-capture

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is designed to ingest untrusted data from user conversations to generate structured Notion content.
      • Ingestion points: Conversation context used in SKILL.md steps 3 ('Extract and structure') and 4 ('Create/update in Notion').
      • Boundary markers: Absent. The skill does not define specific delimiters or instructions to ignore embedded commands within the conversation context.
      • Capability inventory: The skill can perform 'Notion:notion-search', 'Notion:notion-fetch', 'Notion:notion-create-pages', and 'Notion:notion-update-page' across any accessible Notion workspace.
      • Sanitization: Absent. The skill extracts content and interpolates it directly into Notion API calls without validation or escaping of the input data.
  • External Download (LOW): The skill instructions advise the user to install an MCP tool from 'https://mcp.notion.com/mcp'. While Notion is not on the provided Trusted External Sources list, this is a manual setup instruction for an official connector rather than an automated or hidden execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:16 PM