notion-pages
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Communicates with the official Notion API (
api.notion.com). This interaction is the primary purpose of the skill and targets a well-known service.\n- [DATA_EXFILTRATION]: Accesses the configuration file~/.config/notion/config.jsonto retrieve the Notion API token. This is a legitimate use of locally stored credentials required for authentication with the Notion service.\n- [PROMPT_INJECTION]: The skill reads external content from Notion pages, which constitutes a surface for indirect prompt injection if a page contains malicious instructions.\n - Ingestion points: Content and titles are ingested from Notion via the
cmd_getandcmd_searchfunctions inscripts/notion_pages.py.\n - Boundary markers: None are implemented; data is returned as plain markdown-formatted text to the agent.\n
- Capability inventory: The skill can search, read, create, update, and append Notion pages. It does not have access to the local shell or file system writes.\n
- Sanitization: Content is converted from Notion's block format to markdown text without any filtering for instructions or malicious patterns.
Audit Metadata