notion-lifeos
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill follows security best practices by instructing users to store sensitive Notion API keys in a dedicated local file (~/.config/notion/api_key) and explicitly recommending restrictive file permissions (chmod 600) to prevent unauthorized local access.
- [COMMAND_EXECUTION]: The skill utilizes shell commands (curl) to interact with the official Notion API. This activity is restricted to the intended functionality of managing the LifeOS databases and is conducted over secure HTTPS connections.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it retrieves and processes user-generated content from Notion databases (Notes, Tasks, Projects).
- Ingestion points: Data enters the agent context via Notion API query responses (e.g., from the Notes database) as described in SKILL.md.
- Boundary markers: No specific boundary markers or 'ignore' instructions are provided to the agent when processing data retrieved from Notion.
- Capability inventory: The skill can execute API calls to create or update pages in Notion based on instructions, but lacks broader system-level execution capabilities.
- Sanitization: Content retrieved from Notion is not explicitly sanitized before being interpreted by the agent.
Audit Metadata