notion-knowledge-capture
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection (Category 8) by processing untrusted conversation data to generate documentation in Notion.
- Ingestion points: Conversation context extracted from chat in the primary workflow (SKILL.md).
- Boundary markers: Absent; the skill does not instruct the agent to use delimiters or ignore embedded instructions when processing extracted content.
- Capability inventory: The skill utilizes Notion:notion-search, Notion:notion-create-pages, Notion:notion-update-page, and Notion:notion-fetch to read from and write to the user's workspace.
- Sanitization: Absent; no validation or escaping of the conversation content is performed before it is used to populate Notion pages.
Audit Metadata