notion-research-documentation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). * Ingestion points: Data is retrieved from the workspace via 'Notion:notion-fetch' as described in 'SKILL.md' and the 'examples/' directory. * Boundary markers: Absent; the instructions do not provide delimiters or warnings to ignore instructions within the fetched data. * Capability inventory: The skill possesses 'write' capabilities through 'Notion:notion-create-pages', allowing it to create or modify content based on potentially malicious input. * Sanitization: Absent; there is no validation or filtering of retrieved content before synthesis. Maliciously crafted Notion pages could hijack the agent's research process or create unauthorized content.
Recommendations
- AI detected serious security threats
Audit Metadata