vibe-notionbot
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill metadata and documentation specify the installation of the 'vibe-notion' package from the NPM registry. This package is managed by the skill's author (devxoul) and provides the required CLI tools.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads untrusted content from Notion and possesses capabilities to modify the workspace based on that data.
  - Ingestion points: External data enters the agent context through commands that fetch page details, search results, database queries, and block children as defined in SKILL.md.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat retrieved Notion content as untrusted data or to ignore embedded instructions within that content.
  - Capability inventory: The skill provides extensive write capabilities, including 'page.create', 'page.update', 'block.append', 'block.update', 'comment.create', and 'database.create'.
  - Sanitization: The skill does not implement or describe any sanitization, filtering, or validation processes for the data retrieved from Notion before it is processed by the agent.
Audit Metadata