notion-knowledge-capture
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to set up the Notion Model Context Protocol (MCP) using the official URL
https://mcp.notion.com/mcp. This is a well-known and trusted service. - [COMMAND_EXECUTION]: Includes setup steps that guide the user to configure the agent's environment using the
codexCLI (e.g.,codex --enable rmcp_clientandcodex mcp login). These are standard configuration commands for the tool's intended functionality. - [PROMPT_INJECTION]: The skill is designed to process untrusted text (conversations) which presents an inherent surface for indirect prompt injection.
- Ingestion points: Conversation history and user-provided notes are ingested during the extraction phase (
SKILL.md). - Boundary markers: Absent; the instructions do not specify the use of delimiters (e.g., XML tags or triple quotes) to isolate user-provided data from agent instructions.
- Capability inventory: The skill has the capability to search, fetch, create, and update pages in the user's Notion workspace (
Notion:notion-search,Notion:notion-fetch,Notion:notion-create-pages,Notion:notion-update-page). - Sanitization: Content is transformed into structured markdown for Notion; however, no explicit sanitization or instruction-filtering logic is defined in the workflow.
Audit Metadata