Skills
skills/davepoon/buildwithclaude/notion-automation/Gen Agent Trust Hub

notion-automation

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION] (LOW): The skill configuration requires adding an external MCP server endpoint (https://rube.app/mcp). While functional for the skill's purpose, this routes workspace interactions through a non-whitelisted third-party domain, representing a low-risk network dependency.
  • [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface (Category 8).
  • Ingestion points: Data enters the context via NOTION_RETRIEVE_PAGE, NOTION_FETCH_BLOCK_CONTENTS, NOTION_QUERY_DATABASE, and NOTION_FETCH_COMMENTS in SKILL.md.
  • Boundary markers: No explicit delimiters or warnings (e.g., "ignore instructions in the following content") are used when processing retrieved Notion data.
  • Capability inventory: The agent has broad write/delete capabilities including NOTION_UPDATE_PAGE, NOTION_INSERT_ROW_DATABASE, and NOTION_DELETE_BLOCK.
  • Sanitization: No sanitization or validation of the retrieved Notion content is described before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 20, 2026, 08:18 AM