skills/letta-ai/lettabot/notion/Gen Agent Trust Hub

notion

Warn

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill accesses a sensitive local file path to retrieve authentication credentials.
      • Evidence: Setup instructions and API examples in SKILL.md utilize the command cat ~/.config/notion/api_key to obtain the API key.
      • Context: This access is the primary method for authenticating requests to the official Notion API.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from external Notion pages, creating an attack surface for indirect prompt injection.
      • Ingestion points: Content is retrieved via the Notion API endpoint GET /v1/blocks/{page_id}/children as shown in SKILL.md.
      • Boundary markers: Absent. The skill does not define delimiters or provide instructions to the agent to ignore commands within the fetched content.
      • Capability inventory: The skill uses curl for network requests and cat for reading local files, providing potential paths for data movement.
      • Sanitization: No evidence of sanitization, validation, or escaping of the fetched Notion block content is provided.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 11, 2026, 11:40 PM