notion
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting untrusted data from external Notion pages.
  - Ingestion points: The skill retrieves page and block content using the `GET /v1/blocks/{page_id}/children` endpoint as documented in `SKILL.md`.
  - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are provided to help the agent distinguish between its system prompt and data retrieved from the API.
  - Capability inventory: The skill possesses extensive write capabilities, including creating pages (`POST /v1/pages`), creating/querying databases (`POST /v1/data_sources`), and updating blocks (`PATCH /v1/blocks/{page_id}/children`).
  - Sanitization: There is no evidence of sanitization or validation of the content fetched from the Notion API before it is processed by the agent.
Audit Metadata