notion-knowledge-capture
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill files contain legitimate instructions for knowledge management and Notion integration. The behavior is consistent with the stated goal of transforming discussions into structured wiki pages, FAQs, and decision records. No hardcoded credentials or malicious scripts are present.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because its primary function involves processing untrusted conversation context from users. 1. Ingestion points: Conversation context is read in Step 1 of the Knowledge Capture Workflow (SKILL.md). 2. Boundary markers: The prompt does not utilize explicit delimiters or 'ignore' instructions to isolate extracted data from the agent's logic. 3. Capability inventory: The skill has the ability to create and update content in the user's Notion workspace using 'Notion:notion-create-pages' and 'Notion:notion-update-page'. 4. Sanitization: The extracted content is structured but not sanitized for embedded instructions before being committed to Notion. This surface is considered low-risk and inherent to the skill's utility.
Audit Metadata