tasks-build
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability. The skill fetches and follows requirements from a Notion page URL, which could contain malicious instructions designed to manipulate the agent.
  - Ingestion points: Task details, acceptance criteria, and linked pages fetched from Notion in SKILL.md.
  - Boundary markers: None identified; the workflow does not use delimiters to isolate untrusted content.
  - Capability inventory: The skill can implement code changes and modify Notion properties/comments.
  - Sanitization: No validation or sanitization is performed on the data retrieved from Notion before it is used to guide the building process.
Audit Metadata