notion-reference-architecture

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated Notion content via the Notion API (e.g., src/repositories/database.repo.ts queryAll / getRecords, src/services/cms.service.ts getPageBlocks, and src/events/processors.ts which retrieves pages), and that content is used in runtime workflows and event handlers that can influence actions (syncs, notifications, cache/validation), so untrusted third-party content could indirectly inject instructions.