notion-ci-integration
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill incorporates a surface for indirect prompt injection through its configuration management functionality. In
scripts/notion-read-config.js, the skill retrieves properties from a Notion database and writes them directly to a local file (notion-config.json) which is then consumed by build steps. If the Notion database is compromised or edited by unauthorized users, it could lead to the injection of malicious configuration into the build environment.\n - Ingestion points: Notion database query results in
scripts/notion-read-config.js.\n - Boundary markers: Absent; data is extracted and serialized to JSON without delimiters or validation.\n
- Capability inventory: Access to GitHub Actions shell environments and package managers.\n
- Sanitization: No verification or filtering is performed on data retrieved from the Notion API before it is written to the build environment.\n- [COMMAND_EXECUTION]: The skill includes several scripts and workflow templates that execute shell commands and runtime-interpreted code (Node.js/Python) to facilitate repository automation.\n- [DATA_EXFILTRATION]: Repository metadata, including changelogs, release notes, and commit identifiers, is transmitted to the Notion API. This is the intended behavior of the integration but involves sending internal data to an external SaaS platform.\n- [EXTERNAL_DOWNLOADS]: The skill relies on official client libraries for the Notion API, specifically
@notionhq/clientfrom NPM andnotion-clientfrom PyPI.
Audit Metadata