notion-spec-to-implementation

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE [PROMPT_INJECTION] [EXTERNAL_DOWNLOADS]
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting untrusted data from Notion specification pages.
      • Ingestion points: Specification content is retrieved from external Notion pages via Notion:notion-fetch (referenced in SKILL.md and reference/spec-parsing.md).
      • Boundary markers: The skill instructions do not specify the use of clear delimiters or 'ignore embedded instructions' warnings when processing the fetched specification text.
      • Capability inventory: The agent has the ability to create and update content in the user's workspace using Notion:notion-create-pages and Notion:notion-update-page.
      • Sanitization: No evidence of content sanitization or validation was found in the parsing logic defined in reference/spec-parsing.md.
  • [EXTERNAL_DOWNLOADS]: The skill configuration defines a connection to an external service for extended functionality.
      • Evidence: The agents/openai.yaml file defines a dependency on the official Notion Model Context Protocol (MCP) server at https://mcp.notion.com/mcp.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 16, 2026, 12:39 AM