notion-market-publish-skill

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: HIGH
DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill intercepts and stores Notion session cookies and user IDs from the user's browser in plaintext at ~/.config/notion/. These files contain the 'token_v2' token, which provides full authenticated access to the user's Notion account. It also reads the Notion API key from ~/.config/notion/api_key.
  • [COMMAND_EXECUTION]: Multiple scripts, including get_cookies_auto.py and get_cookies_cdp.py, launch web browsers with remote debugging enabled or in non-headless modes to capture session data, which is an invasive technique typically used for session hijacking.
  • [EXTERNAL_DOWNLOADS]: The skill performs unverified installations of the websocket-client Python package from the official Python Package Index (PyPI) at runtime using pip with the --break-system-packages flag.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It retrieves the title of a Notion template via the official API and passes it directly to the AI for generating marketplace metadata (such as descriptions and slugs). Without sanitization or boundary markers, a maliciously crafted template title could manipulate the AI's output and the final marketplace submission.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 10, 2026, 03:50 AM