spec-to-implementation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill exhibits a significant attack surface for indirect prompt injection.
  1. Ingestion points: Specification documents in Markdown, PDF, or text format as described in the Requirements section.
  2. Boundary markers: No markers or system-level instructions are mentioned to isolate untrusted input from the agent's core processing logic.
  3. Capability inventory: The skill has the capability to create and structure Notion databases, tasks, and dashboards using the Notion API.
  4. Sanitization: There is no indication that specification content is validated or sanitized before it influences the agent's plan generation and Notion operations.
Recommendations
- AI detected serious security threats
Audit Metadata