The Agent Skills Directory

[Prompt Injection] (LOW): Potential surface for Indirect Prompt Injection (Category 8). \n- Ingestion points: The skill ingests untrusted data from Notion using 'notion-fetch' and 'notion-query-data-sources' (see 'examples/customer-meeting.md' and 'evaluations/status-meeting-prep.json'). \n- Boundary markers: No explicit delimiters or instructions to ignore embedded commands were found in the provided templates or workflow descriptions. \n- Capability inventory: The skill has the capability to write to the workspace using 'notion-create-pages', which could be used to propagate malicious content. \n- Sanitization: There is no evidence of sanitization or validation of the ingested Notion content before it is interpolated into prompts for generating summaries and agendas.

notion-meeting-intelligence