company-admin
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill has an attack surface for Indirect Prompt Injection.
- Ingestion points: Untrusted data enters the context via
notion_notion-fetchused inSKILL.mdto retrieve page content. - Boundary markers: Absent. The fetched content is not delimited or marked as untrusted for the agent.
- Capability inventory: The skill possesses write capabilities to Notion (
notion_notion-update-page) and shell command execution (cat). - Sanitization: Absent. There is no evidence of content validation or escaping for the data retrieved from Notion.
- [DATA_EXFILTRATION]: The skill contains hardcoded identifiers for sensitive resources.
- The
.skill.configfile includes specific Notion Page IDs for sensitive categories like Admin/Legal and Investor info. - The configuration includes links to well-known services (Firstbase and Cal.com) that contain specific company and team account identifiers.
- [COMMAND_EXECUTION]: Shell commands are used for managing skill configuration.
- The skill uses
catto read and write environment variable files at.opencode/skill/company-admin/.env.
Audit Metadata