rate-message

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to the processing of untrusted data from external sources.\n
  • Ingestion points: The skill retrieves untrusted message content from external leads via mcp__notion__notion-search (Steps 3 and 5) and reads existing content from the 'Feedback Insights' Notion page (Step 6), which could contain previously processed untrusted data.\n
  • Boundary markers: There are no specified delimiters (such as XML tags or triple quotes) or explicit instructions to ignore potentially malicious commands embedded within the external message text or the existing Notion page content.\n
  • Capability inventory: The agent has write access to the user's Notion environment through the mcp__notion__notion-update-page tool, allowing it to modify database properties and page content.\n
  • Sanitization: The instructions do not define any validation, filtering, or sanitization steps to ensure that external message content is safe before it is analyzed or persisted back to the central 'Feedback Insights' page.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 04:33 PM
Security Audit — agent-trust-hub — rate-message