notion-research-documentation
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: No malicious patterns detected. The skill performs expected research tasks using standard Notion API tools with no evidence of unauthorized operations or data exfiltration.
- [EXTERNAL_DOWNLOADS]: The skill configuration points to the official Notion MCP server (https://mcp.notion.com/mcp), which is a trusted and well-known service required for the skill's functionality.
- [PROMPT_INJECTION]: The skill ingests untrusted data from Notion pages (Ingestion points: Notion:notion-fetch in SKILL.md) and possesses the capability to write to the workspace (Capability inventory: Notion:notion-create-pages, Notion:notion-update-page). It lacks explicit separation between instructions and fetched data (Boundary markers: Absent) and does not specify sanitization (Sanitization: Absent), creating a theoretical surface for indirect prompt injection that is inherent to research-oriented agents.
Audit Metadata