notion-automation
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's "Slack → Notion Task" workflow (one of its core workflows) explicitly captures arbitrary Slack message text (user-generated third-party content) and AI-parses it to extract titles, due dates, and priorities. These extracted values directly drive the creation of Notion tasks and subsequent actions. Similar flows ingest Typeform/Google Form and GitHub issue content. SKILL.md therefore gives clear evidence that untrusted external content is read and used to control tool behavior.
Audit Metadata