notion-onboarding

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill runs Notion CLI commands that inspect and ingest the user's Notion workspace (e.g., "notion inspect ws --json" and "notion inspect schema <db_id> --llm"), reading user-generated Notion pages/databases into ~/.config/notion/workspace.json which future agent actions rely on—so untrusted user content could influence behavior.