notion-knowledge-capture

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. It ingests untrusted conversation data and uses it to perform high-capability actions in Notion without clear boundary markers or instructions to ignore embedded commands.
      • Ingestion points: Conversation context and user notes captured from chat history (SKILL.md, evaluations/*.json).
      • Boundary markers: Absent; the skill does not define delimiters or provide instructions to separate user data from agent logic.
      • Capability inventory: Search, fetch, create, and update pages in Notion via the Notion MCP server (SKILL.md).
      • Sanitization: Absent; no logic is provided to escape or validate the contents of the conversation before it is structured into Notion pages.
Audit Metadata
Risk Level: SAFE
Analyzed: May 17, 2026, 03:02 PM