notion-api

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill primarily uses an environment variable (safe) but explicitly instructs asking for or using a user-provided API key in-context and to include it in requests (Authorization header), which can force the LLM to accept and embed secret values verbatim — an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to fetch and read user-generated Notion content (e.g., "Retrieve block children", "Retrieve comments", and page/database retrievals via the Notion API), including embeds, bookmarks, and external URLs, which are arbitrary third‑party/user content that could contain indirect prompt injection.