mmk-notion-comment
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill leverages a custom command-line interface (mmk) to interact with Notion API services.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by retrieving external comment data.
- Ingestion points: The mmk notion comment list command retrieves user-generated comment text from Notion.
- Boundary markers: No specific delimiters or safety instructions are defined in the skill markdown.
- Capability inventory: The skill possesses write capabilities including adding and replying to comment threads.
- Sanitization: The documentation lacks information regarding input validation or data sanitization for retrieved content.
Audit Metadata