notion-automation

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where external data is processed.
      * Ingestion points: Data from Slack messages, Typeform/Google Form submissions, and GitHub issues enters the agent context as defined in the workflows in SKILL.md.
      * Boundary markers: There are no explicit delimiters or instructions provided to ignore potentially malicious commands embedded within the external data strings.
      * Capability inventory: The skill utilizes network capabilities (Slack, Email, Clearbit) and data modification privileges (Notion database writes) as detailed in the workflows in SKILL.md.
      * Sanitization: No explicit validation or sanitization of the external input strings is defined before interpolation into prompts or execution of actions.

Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 05:18 AM