
notion-research-documentation

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill lacks isolation between instructions and the data it processes from Notion.
      1. Ingestion points: Content enters via Notion:notion-search and Notion:notion-fetch (SKILL.md).
      2. Boundary markers: No delimiters are used to wrap search results.
      3. Capability inventory: The agent can write to the workspace via Notion:notion-create-pages.
      4. Sanitization: No filtering of source content is performed.
  • [DATA_EXFILTRATION] (MEDIUM): An attacker could manipulate the research workflow to discover and centralize sensitive workspace data into new pages or databases.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 11:09 PM