notion-research-documentation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill directs the user to install an MCP tool from https://mcp.notion.com/mcp. This domain is not included in the pre-approved trusted repository or organization list.
- COMMAND_EXECUTION (LOW): The workflow includes shell commands that enable specific features and configure the environment, modifying local system settings.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8).
  1. Ingestion points: Data enters the agent context via Notion:notion-fetch.
  2. Boundary markers: Absent; there are no instructions to ignore embedded prompts or treat the data as untrusted.
  3. Capability inventory: The skill has the capability to create and update content using Notion:notion-create-pages and Notion:notion-update-page.
  4. Sanitization: No sanitization or validation of the fetched Notion content is performed before synthesis.
Audit Metadata