notion-automation
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill processes content from Notion workspaces which serves as a surface for indirect prompt injection. \n- Ingestion points: Tools such as NOTION_FETCH_BLOCK_CONTENTS and NOTION_QUERY_DATABASE ingest data from external Notion pages. \n- Boundary markers: No delimiters are used to separate untrusted Notion data from the agent's instructions. \n- Capability inventory: The skill has the ability to create and modify Notion content via tools like NOTION_UPDATE_PAGE and NOTION_INSERT_ROW_DATABASE. \n- Sanitization: There is no evidence of sanitization for the data retrieved from Notion. \n- [NO_CODE]: The skill consists of markdown instructions and tool definitions but does not contain any executable scripts or binary files within the provided content.
Audit Metadata