Skills
skills/manojbajaj95/mcp-skill/notion/Gen Agent Trust Hub

notion

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources.
  • Ingestion points: The tools notion-search, notion-fetch, and notion-get-comments in app.py retrieve content from Notion workspaces, which can include data from connected third-party services like Slack, GitHub, and Jira.
  • Boundary markers: The skill does not implement boundary markers or specific instructions to the agent to disregard embedded commands in the fetched content.
  • Capability inventory: The skill provides significant write capabilities, including notion-create-pages, notion-update-page, notion-move-pages, and notion-create-database in app.py, which could be abused if an agent obeys instructions hidden in fetched data.
  • Sanitization: No sanitization or validation of the fetched Notion content is performed before it is returned to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 09:24 AM