notion
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill facilitates access to a sensitive API key stored in
~/.config/notion/api_key. Although the key is sent to the official Notion API domain (api.notion.com), reading credentials from the filesystem is a sensitive operation. - [COMMAND_EXECUTION]: The skill instructions involve executing shell commands such as
mkdir,echo,cat, andcurlto manage configuration and perform API requests. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its data processing workflow.
- Ingestion points: The skill retrieves content from external Notion pages, blocks, and databases via API calls.
- Boundary markers: The instructions do not include markers to separate untrusted data or warn the agent about potential embedded instructions within that data.
- Capability inventory: The skill can modify Notion data through various write operations (POST, PATCH) using
curl. - Sanitization: There is no evidence of sanitization or validation of the content retrieved from the API before it is processed by the agent.
Audit Metadata