notion-research-documentation
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection by design, as it incorporates external data into the agent's processing loop without adequate protections.
- Ingestion points: Untrusted data from Notion pages is ingested via the Notion:notion-fetch tool as part of the primary research workflow described in SKILL.md.
- Boundary markers: There are no explicit instructions, such as delimiters or security warnings, to prevent the agent from executing commands that might be hidden within the retrieved Notion content.
- Capability inventory: The skill provides the agent with access to Notion:notion-search, Notion:notion-fetch, and Notion:notion-create-pages, granting it broad capabilities to interact with the user's workspace.
- Sanitization: The skill lacks any defined sanitization or validation logic for data retrieved from Notion prior to its use in generating new documentation.
Audit Metadata