notion-save
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of a local Python script (scripts/save_to_notion.py) to process and upload content to Notion.
- [DATA_EXFILTRATION]: The script transmits data to api.notion.com. Notion is recognized as a well-known service, and this network activity is consistent with the skill's stated purpose.
- [PROMPT_INJECTION]:
  - (1) Ingestion points: Data is read from local files via the --file argument and from strings via the --content argument.
  - (2) Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands in the processed data.
  - (3) Capability inventory: The script can read any local file accessible to the agent and perform network write operations to the Notion API.
  - (4) Sanitization: The script parses markdown into Notion blocks but does not perform semantic sanitization to prevent the processing of malicious instructions embedded in the input.