notion-spec-to-implementation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection as it processes external Notion specifications to generate tasks and plans.\n
- Ingestion points: Specification content is fetched from Notion via
Notion:notion-fetchas documented inSKILL.mdandreference/spec-parsing.md.\n - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are included in the implementation plan templates.\n
- Capability inventory: The skill has the ability to write to the user's workspace using
Notion:notion-create-pagesandNotion:notion-update-page.\n - Sanitization: No sanitization or validation of the fetched Notion page content is specified before processing.\n- [External Downloads] (LOW): The agent configuration in
agents/openai.yamlreferences an external MCP server athttps://mcp.notion.com/mcp. Although this is the official endpoint for the service and core to the skill's function, it is not part of the predefined trusted source list.
Audit Metadata