notion
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides illustrative examples of interacting with the official Notion API at api.notion.com. All documented methods are standard and align with official API usage.
- [DATA_EXFILTRATION]: The setup instructions guide users to store their integration key in a local configuration file at ~/.config/notion/api_key. While this involves sensitive credentials, it is a routine pattern for command-line tools and is required for the intended functionality of the skill.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of external data from Notion pages and databases, which presents a surface for indirect prompt injection.
  - Ingestion points: Data is retrieved through page and block retrieval endpoints as documented in SKILL.md.
  - Boundary markers: No delimiters or instructions to ignore embedded content are specified in the documentation.
  - Capability inventory: The skill allows the agent to search, read, create, and update Notion content using the API.
  - Sanitization: There is no mention of sanitizing or validating the content retrieved from Notion before it is processed.
Audit Metadata