notion-research-documentation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it fetches and synthesizes untrusted content from the workspace and connected apps.
- Ingestion points: Page content retrieved via 'Notion:notion-fetch' from pages found through 'Notion:notion-search' (referenced in SKILL.md and examples/).
- Boundary markers: Absent. The instructions and templates in 'SKILL.md' and the 'reference/' folder do not specify the use of delimiters or instructions to ignore embedded commands in the retrieved data.
- Capability inventory: The skill possesses the 'Notion:notion-create-pages' capability, allowing it to write new content to the user's workspace based on potentially poisoned input.
- Sanitization: No evidence of sanitization, filtering, or validation of the retrieved content before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata