Skills
skills/linuxhsj/openclaw-zero-token/notion/Gen Agent Trust Hub

notion

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides numerous curl commands to interact with the Notion API endpoints for searching, reading, and updating content.
  • [DATA_EXFILTRATION]: The skill instructs the user to store a sensitive API key in a local file (~/.config/notion/api_key) and subsequently reads this file to populate the authorization header in API requests. While this is performed to facilitate communication with the well-known service api.notion.com, it involves access to sensitive file paths.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection (Category 8).
  • Ingestion points: Data is ingested from Notion blocks, pages, and data sources through GET and POST requests (SKILL.md).
  • Boundary markers: The skill does not implement boundary markers or instructions to ignore embedded commands in the retrieved data.
  • Capability inventory: The skill utilizes curl for network operations and data retrieval (SKILL.md).
  • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from external Notion resources.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 12:13 AM