notion-mcp-skill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks the user to paste the full OAuth callback URL and then includes that callback URL verbatim in a uxc command (--authorization-response '<callback-url>'), which requires the LLM to receive and output sensitive authorization data.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to run notion-fetch against Notion page URLs (e.g., "notion-mcp-cli notion-fetch id="https://notion.so/your-page-url\"" in SKILL.md and references/usage-patterns.md), meaning the agent will ingest arbitrary user-generated Notion page content which can directly influence subsequent tool actions and writes.