Notion
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Provides standard shell commands (mkdir, echo, cat, curl) for API interaction and local configuration management.
- [EXTERNAL_DOWNLOADS]: Interacts with api.notion.com, which is the official and well-known endpoint for the Notion API. Documentation neutrally describes these network operations as part of the core functionality.
- [DATA_EXPOSURE]: Instructs users to manage an API key in a local configuration file (~/.config/notion/api_key). This is standard behavior for the skill's intended purpose and does not access sensitive system-wide credentials.
- [PROMPT_INJECTION]: The skill retrieves content from external Notion pages and databases. This represents a surface for indirect prompt injection if the retrieved content is subsequently processed by an agent without sufficient boundary markers or sanitization. This is a known risk inherent to skills that ingest user-controlled data.
Audit Metadata