notion-format
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes arbitrary content from the user or conversation history to generate Notion documents.
- Ingestion points: Untrusted data is ingested via the 'Content to format' input specified in SKILL.md, which includes conversation context and pasted text.
- Boundary markers: The instructions do not define clear delimiters or provide 'ignore embedded instructions' prompts to the agent when handling user-provided content.
- Capability inventory: The skill leverages Notion MCP tools such as API-post-page and API-patch-block-children to write data to an external service.
- Sanitization: No validation or sanitization of the input content is performed before it is mapped to Notion blocks and published.
Audit Metadata