notion-research-documentation

Warn

Audited by Snyk on Feb 26, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly fetches and synthesizes external content, using Notion:notion-search and Notion:notion-fetch as primary steps. Its reference/advanced-search.md states that searches can include connected third-party sources (Slack, Google Drive, GitHub issues/PRs, Jira), and its examples cite external websites (e.g., "Stripe.com pricing page"). As a result, the agent will read and act on untrusted/user-generated third-party content that can influence its decisions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 01:46 AM