notion-spec-to-implementation
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection. It retrieves and processes untrusted content from specification pages without safety boundaries.
- Ingestion points: Specification data is ingested via Notion:notion-fetch as described in SKILL.md and reference/spec-parsing.md.
- Boundary markers: Absent. No delimiters or warnings are used to prevent the agent from executing instructions embedded within specifications.
- Capability inventory: The skill includes tools to create and update content (Notion:notion-create-pages, Notion:notion-update-page), posing a risk if the agent is misled.
- Sanitization: Absent. Content is parsed and converted into implementation plans without validation or filtering.
Audit Metadata