problem-framing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses an attack surface for indirect prompt injection by ingesting untrusted data from an external source (Notion).
- Ingestion points: Data is fetched via
API-post-searchandAPI-query-data-sourcein Phase 3 (SKILL.md). - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the persona data as untrusted or to ignore embedded instructions.
- Capability inventory: The skill uses Notion MCP tools for searching, querying, and retrieving page/block content.
- Sanitization: No sanitization or validation logic is defined to check the content retrieved from Notion before it is processed and formatted into the output.
Audit Metadata