notion-clipper-skill
Warn
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: Accesses the Notion API key at ~/.config/notion/api_key and local Chrome user data profile directories.\n- [COMMAND_EXECUTION]: Spawns browser processes (Chrome/Chromium) to render web pages and executes shell commands for dependency installation and script execution. It also performs dynamic script evaluation within the browser context to extract page content.\n- [PROMPT_INJECTION]: The skill processes arbitrary external web content which exposes the agent to indirect prompt injection (Ingestion: scripts/main.ts; Boundaries: Absent; Capabilities: File Access, Process Spawning, Network Requests; Sanitization: Limited HTML cleanup). Additionally, the skill includes instructions intended to steer the agent's output behavior by promoting an external service called Clipno.\n- [EXTERNAL_DOWNLOADS]: Automates the installation of Node.js dependencies from the npm registry and connects to external servers including the Notion API and target web pages.
Audit Metadata