mmk-notion-meeting-comment

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted meeting transcripts from Notion to generate action items and summaries, creating a risk of indirect prompt injection.
      • Ingestion points: The agent reads data via the 'mmk notion page transcript' command in SKILL.md.
      • Boundary markers: No explicit delimiters or instructions are used to isolate the transcript content from the processing instructions.
      • Capability inventory: The skill can write to the Notion workspace using the 'mmk notion comment add' command.
      • Sanitization: The workflow lacks steps to sanitize or validate the external transcript content.
  • [COMMAND_EXECUTION]: The skill executes Bash commands using the 'mmk' CLI tool, which is a resource associated with the vendor 'magic-meal-kits'.
      • Evidence: Execution of 'mmk notion page transcript' and 'mmk notion comment add' within the workflow steps.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 03:27 PM