notion-meeting-intelligence
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Prompt Injection] (HIGH): Vulnerable to indirect prompt injection via data ingested from Notion.
  - Ingestion points: 'Notion:notion-search', 'Notion:notion-fetch', and 'Notion:notion-query-data-sources' (SKILL.md Step 1).
  - Boundary markers: None present; the agent is not instructed to treat fetched content as untrusted.
  - Capability inventory: 'Notion:notion-create-pages' and 'Notion:notion-update-page' provide the agent with write access to the workspace.
  - Sanitization: No evidence of content validation or sanitization before document generation.
- [Command Execution] (MEDIUM): Setup instructions (SKILL.md Step 0) require users to run CLI commands to install a remote MCP server and modify tool configurations ('codex --enable rmcp_client'), posing environment security risks.
- [External Downloads] (MEDIUM): The skill requires adding a remote tool from an external URL (https://mcp.notion.com/mcp), which creates a supply-chain attack surface.
Recommendations
- AI detected serious security threats
Audit Metadata