notion-webhooks-events

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by ingesting and processing data from external sources.
  • Ingestion points: Data enters the agent context through Notion API calls such as notion.search, notion.databases.query, and notion.blocks.children.list in SKILL.md.
  • Boundary markers: The provided implementation examples do not use boundary markers, and they do not instruct the agent to ignore commands embedded in the fetched Notion data.
  • Capability inventory: The skill has access to powerful tools including Bash(node:*), Bash(npx:*), Bash(npm:*), Bash(curl:*), and general file system Read, Write, and Edit tools.
  • Sanitization: There is no explicit sanitization or validation of the retrieved content before it is logged or processed, which could allow instructions hidden in Notion pages to influence agent behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 04:42 PM