tasks-plan
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from external, user-provided Notion pages which could contain malicious instructions.
- Ingestion points: Fetches page content, requirements, and acceptance criteria from Notion pages via MCP tools.
- Boundary markers: The skill does not specify the use of delimiters or 'ignore embedded instructions' warnings for the fetched data.
- Capability inventory: The skill has the capability to create new pages and task items in a user's Notion workspace.
- Sanitization: There is no mention of filtering, validation, or escaping of the content retrieved from Notion before it is processed.
- [NO_CODE]: This skill consists of workflow instructions and natural language prompts for an AI agent and does not include any executable scripts, binaries, or code files.
Audit Metadata