notion-spec-to-implementation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted data from Notion pages, creating an attack surface for indirect prompt injection. 1. Ingestion points: Specification content is retrieved using Notion:notion-fetch (SKILL.md, reference/spec-parsing.md). 2. Boundary markers: Absent; instructions do not warn the agent to ignore or isolate commands found within specs. 3. Capability inventory: The agent can create and update Notion pages (Notion:notion-create-pages, Notion:notion-update-page). 4. Sanitization: Absent; no validation or filtering of fetched content is defined.
- No Code (SAFE): No executable files (e.g., .py, .js, .sh) were detected; the skill relies entirely on markdown instructions and external tool calls.
Audit Metadata