notion-meeting-intelligence
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW (PROMPT_INJECTION, NO_CODE)
Full Analysis
- PROMPT_INJECTION (LOW): The skill exhibits a surface for indirect prompt injection by design, as it ingests untrusted data from Notion and uses it to generate new content via the Notion API.
  - Ingestion points: Untrusted data enters the context through `Notion:notion-fetch` and `Notion:notion-query-data-sources`, as seen in `evaluations/status-meeting-prep.json`.
  - Boundary markers: No delimiters or specific instructions to ignore embedded commands are present in the reference templates to prevent the agent from following instructions found inside Notion pages.
  - Capability inventory: The skill utilizes the `Notion:notion-create-pages` tool across all example workflows, which provides a write-back capability that can be influenced by malicious content in ingested pages.
  - Sanitization: No sanitization or content validation steps are documented or required by the evaluation criteria.
- NO_CODE (INFO): The analyzed skill package does not contain any executable scripts (Python, Node.js, or Shell). It is defined through markdown templates and JSON configuration files meant to guide the behavior of an AI agent within a specific tool environment.