notion-core-workflow-b

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements functions to read content from Notion pages and comments, which introduces an indirect prompt injection surface. Instructions embedded in Notion blocks could potentially influence the agent's behavior when it processes that data.
      • Ingestion points: The getPageContent, getBlockTree, and listComments functions in SKILL.md ingest external data from the Notion API into the agent's context.
      • Boundary markers: The code snippets do not wrap the retrieved content in delimiters or instruct the agent to disregard instructions found within it.
      • Capability inventory: The skill provides capabilities to write, edit, and delete Notion content, and has access to bash and file system tools, which could be exploited if the agent follows injected instructions.
      • Sanitization: There is no evidence of text sanitization or validation of the retrieved block content before it is processed.
  • [SAFE]: The skill uses the official @notionhq/client library to interact with Notion, which is a well-known and trusted service for this use case. Use of the NOTION_TOKEN environment variable is a standard security practice for managing credentials.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 04:41 PM