Skills
skills/flonat/claude-research/sync-notion/Gen Agent Trust Hub

sync-notion

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from potentially untrusted local project files and propagating it to other systems.
  • Ingestion points: The skill reads metadata and session summaries from CLAUDE.md and log files (e.g., log/YYYY-MM-DD-HHMM.md) located within the project directory.
  • Boundary markers: There are no specific delimiters or instructions for the agent to ignore embedded commands within the content it extracts from these project files.
  • Capability inventory: The skill has the capability to write to local files (Edit, Write tools) such as .context/projects/_index.md and .context/current-focus.md, and to modify remote content via Notion MCP tools (mcp__claude_ai_Notion__notion-update-page).
  • Sanitization: No sanitization, escaping, or validation logic is defined to check the extracted content before it is used to update local registries or the Notion Research Pipeline.
Audit Metadata
Risk Level
SAFE
Analyzed
May 1, 2026, 06:19 PM