notion-spec-to-implementation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill exhibits a surface for indirect prompt injection because it fetches and parses external specification documents from Notion. This is a primary function of the skill and no malicious exploitation patterns were observed.
- Ingestion points: The
Notion:notion-fetchtool is used inSKILL.mdandreference/spec-parsing.mdto retrieve the full content of Notion pages. - Boundary markers: Absent. The skill does not explicitly provide delimiters or 'ignore' instructions for the fetched content.
- Capability inventory: The skill has the ability to create and update Notion pages via
Notion:notion-create-pagesandNotion:notion-update-page(SKILL.md). - Sanitization: Absent. Content is parsed for structured requirements using natural language processing patterns defined in
reference/spec-parsing.md. - Data Exposure & Exfiltration (SAFE): No evidence of hardcoded credentials or network calls to external, non-whitelisted domains was found. Operations are confined to the Notion workspace.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not install third-party packages or execute remote scripts. It relies solely on built-in Notion integration tools.
Audit Metadata