rate-message
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to the processing of untrusted data from external sources.\n
- Ingestion points: The skill retrieves untrusted message content from external leads via
mcp__notion__notion-search(Steps 3 and 5) and reads existing content from the 'Feedback Insights' Notion page (Step 6), which could contain previously processed untrusted data.\n - Boundary markers: There are no specified delimiters (such as XML tags or triple quotes) or explicit instructions to ignore potentially malicious commands embedded within the external message text or the existing Notion page content.\n
- Capability inventory: The agent has write access to the user's Notion environment through the
mcp__notion__notion-update-pagetool, allowing it to modify database properties and page content.\n - Sanitization: The instructions do not define any validation, filtering, or sanitization steps to ensure that external message content is safe before it is analyzed or persisted back to the central 'Feedback Insights' page.
Audit Metadata