Skills
skills/casret/pipedream/pd-notion-search/Gen Agent Trust Hub

pd-notion-search

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes its search functionality by invoking npx tsx on a local TypeScript file (resources/pd-notion.ts).\n- [EXTERNAL_DOWNLOADS]: The use of npx potentially triggers the download of the tsx package from the NPM registry if it is not already available in the environment.\n- [PROMPT_INJECTION]: The skill demonstrates an attack surface for indirect prompt injection through its interaction with external data.\n
  • Ingestion points: The agent ingests untrusted data from Notion page and database titles via the search command in SKILL.md.\n
  • Boundary markers: No delimiters or instructions are provided to the agent to treat search results as data rather than instructions.\n
  • Capability inventory: The skill allows command execution using npx as defined in the SKILL.md file.\n
  • Sanitization: There is no evidence of sanitization or filtering of the Notion search results before they are presented to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 01:31 AM