Security Audit
openai/skills:skills/.curated/notion-spec-to-implementation
github.com/openai/skillsTrust Assessment
openai/skills:skills/.curated/notion-spec-to-implementation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary Command Execution via MCP Setup Instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on July 17, 2026 (commit 49f948fa). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary Command Execution via MCP Setup Instructions The skill instructions direct the host LLM/agent to execute arbitrary shell commands (`codex mcp add...`, `codex --enable rmcp_client`, and `codex mcp login...`) if an MCP call fails. This allows untrusted markdown instructions to trigger local command execution on the user's machine under the guise of setup steps. Remove shell command execution instructions from the skill workflow. Instead, instruct the LLM to ask the user to manually configure their Notion MCP connection or use standard, pre-configured tool definitions without executing setup commands on the host shell. | LLM | SKILL.md:15 |
Scan History
Embed Code
[](https://skillshield.io/report/fb662b29b0dfd958)
Powered by SkillShield