notion-master
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill provides instructions for managing sensitive API keys and database IDs via environment variables stored in a .env file. Documentation explicitly warns users not to commit this file to version control and suggests rotating keys if compromised. (Evidence: references/setup-guide.md).
- [EXTERNAL_DOWNLOADS] (SAFE): The integration targets the official Notion API (api.notion.com). It requires standard, reputable Python libraries (requests, pyyaml) which are generally acceptable for this use case. (Evidence: references/error-handling.md).
- [COMMAND_EXECUTION] (SAFE): The skill includes documentation for curl commands and shell scripts. These are intended for developer-side configuration, testing, and manual troubleshooting rather than for automated, untrusted execution by the agent. (Evidence: references/api-reference.md).
- [Dynamic Execution] (SAFE): The included Python script (scripts/rate_limiter.py) implements standard exponential backoff logic for API rate limiting. It contains no use of unsafe dynamic execution sinks such as eval(), exec(), or runtime compilation. (Evidence: scripts/rate_limiter.py).
Audit Metadata