Skills
skills/inforix/skills/notion-to-weixin/Gen Agent Trust Hub

notion-to-weixin

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill extensively uses shell commands to interact with Notion and Weixin APIs via CLI tools.
  • Evidence: Uses notion-cli for searching and exporting pages, and node-wxcli for uploading materials and creating drafts.
  • [EXTERNAL_DOWNLOADS]: Downloads cover images and other assets from Notion's servers or external URLs specified in the page metadata.
  • Evidence: Employs curl -L and notion files read to download image files to a temporary directory.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from Notion pages which could contain malicious instructions.
  • Ingestion points: Notion page Markdown content exported to /tmp/notion-to-weixin/ in SKILL.md Step 2.
  • Boundary markers: None; the agent processes the Markdown file content directly.
  • Capability inventory: Executes CLI commands (node-wxcli, notion-cli, curl), reads/writes files in /tmp, and performs network requests.
  • Sanitization: No sanitization or validation is performed on the ingested Markdown content or metadata before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 06:59 AM