The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill's design involves processing untrusted chat history to generate workspace documentation, creating a surface for embedded instructions to bypass intent. \n- Ingestion points: Conversation context is ingested in SKILL.md (Step 1) and throughout the evaluation scenarios (e.g., evaluations/conversation-to-wiki.json). \n- Boundary markers: No explicit delimiters or system instructions are provided to distinguish between content for documentation and potential commands within the conversation context. \n- Capability inventory: The agent is equipped with powerful tools including Notion:notion-search, Notion:notion-create-pages, and Notion:notion-update-page, which allow for broad modification of the Notion environment. \n- Sanitization: The skill does not define any sanitization, filtering, or validation steps for the content extracted from chat before it is passed to tool parameters.

notion-knowledge-capture