notion-meeting-intelligence
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and summarize untrusted data from Notion pages.
  - Ingestion points: The skill utilizes Notion:notion-search and Notion:notion-fetch in SKILL.md to pull content from workspace pages.
  - Boundary markers: There are no explicit instructions or delimiters used to prevent the agent from following instructions embedded within the fetched Notion content.
  - Capability inventory: The agent has the ability to write back to the environment using Notion:notion-create-pages, Notion:notion-update-page, and Notion:notion-create-comment.
  - Sanitization: No sanitization or validation of the fetched Notion content is performed before processing.
- [COMMAND_EXECUTION]: The SKILL.md file contains instructions for the user to execute CLI commands such as codex mcp add notion and codex --enable rmcp_client for platform-specific configuration.
- [EXTERNAL_DOWNLOADS]: The skill configuration in agents/openai.yaml and SKILL.md references a remote MCP server at https://mcp.notion.com/mcp, which belongs to a well-known and trusted service provider.
Audit Metadata