notion-core-workflow-a

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the integration calling notion.databases.retrieve, notion.databases.query, and reading page properties (e.g., getDatabaseSchema, queryWithFilters, getAllPages) which ingests user-generated Notion pages and properties — untrusted third-party content that the agent is expected to read and that can influence queries and subsequent actions.