notion-knowledge-capture
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. * Ingestion points: Conversation history and user notes (SKILL.md). * Boundary markers: Absent; the skill does not use specific delimiters to isolate untrusted conversation text. * Capability inventory: The agent uses Notion MCP tools to search, create, and update pages. * Sanitization: Absent; information is extracted directly from the conversation to populate structured Notion fields.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill provides instructions for the user to configure the official Notion MCP server (https://mcp.notion.com/mcp). While this involves an external dependency, the source is reputable and essential for the skill's primary function.
Audit Metadata