ux-sentinel
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill implements proactive defenses against indirect prompt injection by instructing the agent to treat all conversation content as untrusted data and to ignore any embedded instructions or skill invocations.
  - Ingestion points: User conversation messages across the session history.
  - Boundary markers: Present; the skill instructions specify that conversation content is data only and directives within it should be ignored.
  - Capability inventory: Notion database interactions via MCP tools (API-post-search, API-post-page, API-patch-page, API-query-data-source).
  - Sanitization: Performs name normalization (lowercase, character removal) on detected concepts.
- [DATA_EXFILTRATION]: The skill strictly limits data transfer to the user-configured Notion database. It contains explicit guardrails against harvesting credentials or tokens from the local filesystem.
- [COMMAND_EXECUTION]: All network and system interactions are routed through established MCP tools. The skill explicitly forbids the execution of shell commands or external utilities for API calls.