Skills
skills/nikiandr/goose-skills/client-package-notion/Gen Agent Trust Hub

client-package-notion

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill reads documents and lead lists from the local clients/ directory and uploads them to external services (Notion and Google Sheets). This behavior is documented as the core purpose of the skill to facilitate client work delivery.
  • [COMMAND_EXECUTION]: The playbook executes commands via the Notion and Rube (Google Sheets) MCP servers to automate the creation of pages, subpages, and spreadsheets.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from local markdown and CSV files and processes them using the agent's context. Malicious instructions embedded in these files could potentially influence agent behavior during the packaging process.
  • Ingestion points: Local files located at clients/<client_name>/ including strategies, campaigns, and lead lists.
  • Boundary markers: None identified; content is read and converted directly.
  • Capability inventory: Creation of Notion pages/subpages and writing data to Google Sheets via GOOGLESHEETS_BATCH_UPDATE.
  • Sanitization: No explicit sanitization or filtering of file content is performed before interpolation into Notion pages.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 05:17 PM