research-documentation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, CREDENTIALS_UNSAFE, NO_CODE
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data from the web and has write capabilities. Mandatory Evidence Chain:
  1. Ingestion points: Web access for gathering information (SKILL.md).
  2. Boundary markers: No delimiters or ignore-instructions warnings are defined.
  3. Capability inventory: Notion API access with write permissions (SKILL.md).
  4. Sanitization: No sanitization of external content is mentioned.
- CREDENTIALS_UNSAFE (MEDIUM): The workflow requires a NOTION_API_TOKEN (SKILL.md). This sensitive credential could be exfiltrated if an attacker-controlled website provides malicious instructions during the research phase.
- NO_CODE (INFO): The analyzed files consist only of markdown documentation and YAML frontmatter; no executable scripts were found, so the assessment is based on the described architectural workflow.
Recommendations
- AI detected serious security threats
Audit Metadata