notion-search-retrieve

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and reads user-generated Notion workspace content (e.g., notion.search(), notion.pages.retrieve(), and notion.blocks.children.list() in SKILL.md and examples) and uses that content for summaries/exports, so untrusted page/block text could indirectly inject instructions that influence agent decisions and actions.