mmk-notion
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill documentation correctly defines instructions for interacting with the Notion API via the
mmkCLI tool. It utilizes platform configurations to restrict tool access to only the necessary command set, following the principle of least privilege.\n- [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection because it processes data from external Notion objects (pages, databases, comments). However, this behavior is essential for the skill's primary function and no malicious exploitation patterns were found.\n - Ingestion points: Content retrieved from Notion pages, databases, and comments.\n
- Boundary markers: The current instructions do not specify delimiters or warnings to ignore instructions embedded in the external content.\n
- Capability inventory: The skill can perform write, update, and member management operations in Notion via the
mmkCLI.\n - Sanitization: No explicit sanitization or filtering of Notion-sourced content is described in the instruction set.
Audit Metadata