notion-spec-to-implementation
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to fetch arbitrary content from Notion specification pages via
Notion:notion-fetchand act on that data to create plans and tasks. A malicious specification page could contain hidden instructions intended to divert the agent's behavior. Ingestion points:Notion:notion-fetchused inSKILL.mdandreference/spec-parsing.mdto retrieve specification content. Boundary markers: None. The instructions do not define delimiters or warnings to ignore instructions embedded within the spec content. Capability inventory: The skill usesNotion:notion-create-pagesandNotion:notion-update-page, allowing the agent to modify the Notion environment based on the input data. Sanitization: No validation or filtering logic is prescribed for the retrieved content. - [NO_CODE]: The skill consists entirely of Markdown-based guidance, templates, and evaluation JSON files. No executable scripts in Python, JavaScript, or Bash are provided within the skill package.
Audit Metadata