notion-mastery
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes data from external sources (Apollo.io, Notion) without explicit sanitization, creating a surface for indirect injection.
- Ingestion points:
references/n8n-workflows.md(Apollo API responses and Notion database fields). - Boundary markers: Absent in instructions and templates.
- Capability inventory:
references/n8n-workflows.mdutilizesn8n_execute_workflowandn8n_create_workflowvia then8n-mcp. - Sanitization: None present in the provided JavaScript logic or workflow templates.
- Dynamic Execution (LOW): The skill generates and executes logic (JavaScript and n8n workflow definitions) at runtime based on user requirements.
- Evidence:
references/n8n-workflows.mdcontains code snippets and instructions for the agent to create and execute workflows. - Context: This is the primary purpose of the skill, so the severity is reduced per the assessment framework.
- Data Exposure & Credentials (SAFE): The skill follows best practice by using placeholders for API keys.
- Evidence:
NOTION_API_KEY=secret_xxxandAPOLLO_API_KEY=xxxare defined as environment variables inreferences/n8n-workflows.md.
Audit Metadata