notion-db
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill makes POST requests to the Notion API at api.notion.com to retrieve database records.
- [COMMAND_EXECUTION]: Executes the Python script
scripts/notion_db.pyvia Bash to perform API operations. - The script has the capability to read local files when provided with
--filter-fileor--sorts-filearguments. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes data from external Notion databases which are not under the direct control of the agent.
- Ingestion points: Data enters the agent's context through Notion API responses fetched in
scripts/notion_db.py. - Boundary markers: No explicit boundary markers or instructions are provided to the agent to treat the retrieved content as untrusted.
- Capability inventory: The script is permitted to execute Python code, read local files, and perform network requests to Notion.
- Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the Notion database before it is presented to the agent.
Audit Metadata