notion-meeting-intelligence

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core workflow of processing external, untrusted content from Notion.
    • Ingestion points: Content is retrieved from a user's Notion workspace using Notion:notion-search and Notion:notion-fetch, as described in Steps 2 and 3 of SKILL.md.
    • Boundary markers: No explicit instructions or delimiters wrap the fetched Notion content to prevent the agent from interpreting it as instructions. While the skill advises the agent to 'distinguish Notion facts from Claude insights', it does not instruct the agent to ignore any commands that might be embedded within the Notion pages.
    • Capability inventory: The skill has significant write capabilities, using Notion:notion-create-pages to create internal pre-reads and external agendas, and Notion:notion-create-comment to post notifications. A malicious instruction in a fetched Notion page could influence the content or structure of these generated documents.
    • Sanitization: The skill lacks automated sanitization or filtering of the content retrieved from Notion before it is interpolated into the generated templates.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 10:57 PM