vibe-notionbot
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill metadata specifies the installation of the 'vibe-notion' package from the Node.js package registry (npm).
- [COMMAND_EXECUTION]: The skill uses the 'vibe-notionbot' CLI via Bash to execute operations such as searching, retrieving, and updating Notion content.
- [DATA_EXFILTRATION]: The tool provides functionality to read local markdown files and images and upload them to Notion's official API endpoints (e.g., using 'page create --markdown-file' or 'block upload --file'). This behavior is neutral as it targets a well-known service (Notion) and is essential to the skill's purpose.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from external sources (Notion workspace) that could contain adversarial instructions.
- Ingestion points: Untrusted data enters the agent context via 'vibe-notionbot page get', 'block children', 'comment list', 'search', and 'database query' commands in 'SKILL.md'.
- Boundary markers: Absent. The instructions do not specify delimiters or warnings to ignore embedded instructions in the ingested data.
- Capability inventory: The 'vibe-notionbot' CLI permits reading local files and performing network writes to the Notion API.
- Sanitization: Absent. No explicit validation or filtering of external content is mentioned in 'SKILL.md'.
Audit Metadata