notion-sync
Pass
Audited by Gen Agent Trust Hub on Jul 15, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill describes workflows for ingesting user-generated content from Notion databases (SKILL.md, Section 3.1) and processing it into local specifications. This data flow creates a surface where malicious instructions embedded within Notion pages could potentially influence the agent's operations.
- Ingestion points: Notion database properties and page blocks (references/guide.md, Sections 3, 4, and 7).
- Boundary markers: No explicit prompt delimiters or instructions to ignore embedded prompts are mentioned for the fetched content.
- Capability inventory: The skill instructs the agent to perform file system writes and execute Notion API mutations (pull/push).
- Sanitization: The documentation notes that imported specs are validated against Zod schemas (Section 3.1).
- [EXTERNAL_DOWNLOADS]: Functional resource retrieval. The skill describes downloading file attachments from Notion's storage (Section 9.1). Notion is a well-known service and the operation is a documented feature for synchronizing research assets using standard API protocols.
Audit Metadata