notion-reader
Fail
Audited by Snyk on Mar 10, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs extracting and entering the Notion session cookie (token_v2) manually and stores it in a config file, which means an agent would likely ask for and embed the secret cookie value verbatim into requests/commands (high exfiltration risk).
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill directly fetches and parses arbitrary Notion pages (user-generated/untrusted content) via the internal loadPageChunk API using token_v2 — see SKILL.md and scripts/notion_reader.py (read -> _fetch_page_content -> _notion_request) — so the agent will read third-party content that could contain instructions influencing its actions.
Audit Metadata