Security risk report for @forgecat/openai_skills_notion-meeting-intelligence v0.0.10
Source Integrity
Low
Profile sourced from OpenAI's official skills repository (github.com/openai/skills) with clear attribution and Apache-2.0 license.
Commit hash and timestamp provided for traceability; no obfuscation or suspicious origin indicators.
Agent Intent
Low
Content describes legitimate meeting preparation workflows (gathering Notion context, drafting agendas, enriching with research) without instructing the agent to ignore instructions, exfiltrate data, or manipulate its own behavior.
Examples and templates document standard business practices (customer meetings, executive reviews, sprint planning, decision-making) with no hidden directives to weaken security, install malicious dependencies, or leak system prompts.
Workflow steps are transparent and user-facing: search Notion, fetch pages, create documents, link resources—all normal tool usage with no guidance poisoning or role hijacking.
Details
Evidence
SKILL.md workflow: 'Ask for objective...Search Notion...Fetch key pages...Choose format...Build agenda...Enrich with research...Finalize and share' — standard meeting prep.
Examples show legitimate use: 'Create Internal Pre-Read' and 'Create Meeting Agenda' with Notion:notion-create-pages and Notion:notion-update-page calls.
Templates (decision, status, brainstorming, sprint planning, retro, 1:1) are standard business meeting structures with no injected malicious instructions.
Permissions
Low
Skill declares only Notion MCP integration (search, fetch, create, update pages)—scoped to meeting preparation use case.
No shell, file_write, file_delete, or high-risk tool categories requested; no alwaysApply=true rules with broad globs.
Authority matches stated function: read/write Notion workspace for meeting materials, no excessive access to unrelated systems.
Details
Evidence
MCP server declared: 'notion' at 'https://mcp.notion.com/mcp' only.
Tool calls in examples: Notion:notion-search, Notion:notion-fetch, Notion:notion-create-pages, Notion:notion-update-page—all Notion-scoped.
No file system, shell, or network access tools declared or used.
MCP Risk
MCP-000Medium
The Notion MCP server points to the official Notion-hosted endpoint (https://mcp.notion.com/mcp), which is a known, legitimate service, reducing supply-chain risk.
However, the server requires OAuth authentication and grants the agent read/write access to the user's entire Notion workspace, which is broader than strictly necessary for any single meeting.
No hidden instructions or arbitrary binary execution are present in the MCP definition, but the broad workspace scope warrants a caution rating.