NYC

meeting-record-system

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
NO_CODE
Full Analysis
  • [No Code] (SAFE): The analyzed files consist exclusively of Markdown templates, JSON evaluation definitions, and documentation. There are no Python scripts, Node.js files, or other executable binaries included in the skill definition.
  • [Indirect Prompt Injection] (LOW): The skill architecture involves fetching data from Notion pages (notion-fetch) and summarizing it. This is a standard RAG (Retrieval-Augmented Generation) pattern that naturally carries a risk of indirect prompt injection if the source Notion pages contain malicious instructions.
      • Ingestion points: Data enters the system via Notion:notion-fetch and Notion:notion-search results.
      • Boundary markers: Not explicitly defined in the provided templates; the LLM is expected to differentiate between data and instructions.
      • Capability inventory: The skill has the ability to write to the workspace via Notion:notion-create-pages.
      • Sanitization: None observed in the provided reference materials.
  • [Data Exposure & Exfiltration] (SAFE): While the skill accesses potentially sensitive information in a Notion workspace, it does so through designated tool calls (notion-fetch, notion-query-data-sources) and only writes back to the same workspace. There is no evidence of hardcoded credentials or network calls to unauthorized external domains.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:59 PM