notion-admin
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and acts upon untrusted data from Notion databases.
  - Ingestion points: The skill is designed to process content from the 'Feedback', 'Meetings', and 'Documentation' databases within the Notion workspace (SKILL.md).
  - Boundary markers: There are no instructions or delimiters specified to ensure the agent ignores or sanitizes instructions embedded within the ingested Notion data.
  - Capability inventory: The skill leverages the Composio toolkit for Notion write operations (e.g., archiving, updating metadata) and writes activity logs to local filesystem paths (pm-workspace-docs/status/).
  - Sanitization: No input validation or sanitization mechanisms are defined for the data gathered from Notion.
- [NO_CODE]: The skill contains only markdown-based procedural instructions and configuration references; no executable scripts, binaries, or source code files are included.
Audit Metadata