notion-spec-to-implementation
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from Notion specification pages using the Notion MCP toolset. This creates a surface where malicious instructions embedded in a specification could potentially influence the agent's behavior during the plan generation or task creation workflow.\n
- Ingestion points: Specification content is fetched from Notion via the
Notion:notion-fetchtool inSKILL.mdandreference/spec-parsing.md.\n - Boundary markers: The skill lacks explicit delimiters or instructions for the agent to distinguish between specification data and its own task generation instructions.\n
- Capability inventory: The skill has the capability to search, fetch, create, and update pages and databases within the connected Notion workspace using
Notion:notion-search,Notion:notion-fetch,Notion:notion-create-pages, andNotion:notion-update-page.\n - Sanitization: No automated sanitization or instruction filtering is applied to the fetched text retrieved from Notion specifications before it is processed by the agent.
Audit Metadata