notion-market-publish-skill

Warn

Audited by Snyk on Mar 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches user-generated Notion content (template page title and child pages) via the Notion API and by navigating to https://www.notion.so/profile/templates (see SKILL.md and scripts/notion_api.py / scripts/get_cookies*.py). That fetched third-party content is then used by the AI to detect the locale, generate slugs, choose categories and descriptions, and drive submission actions, so untrusted content can materially influence the skill's behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly integrates with Stripe: it asks for a Stripe product ID, mentions an optional Stripe account for paid templates, and details concrete calls such as mcp__stripe__list_prices, mcp__stripe__create_price, and mcp__stripe__create_payment_link (including JPY→USD conversion and creation of one-time prices and payment links). These are specific payment-gateway operations that create prices and payment links, i.e., a direct financial execution capability.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 03:49 AM