notion-cli
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to install the Notion CLI tool by downloading and executing a shell script from https://ntn.dev. This is a primary setup step for the tool required for the skill's functionality.
- [EXTERNAL_DOWNLOADS]: The skill references and downloads content from https://ntn.dev, which is the designated domain for the ntn CLI tool used for Notion API integration.
- [COMMAND_EXECUTION]: The skill enables the agent to execute a variety of shell commands through the ntn binary, including API requests, file uploads, and worker deployments.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection due to its data processing capabilities.
  - Ingestion points: The agent ingests external data from the Notion API (users, pages, databases) and uploaded files.
  - Boundary markers: There are no explicit instructions for using delimiters to isolate data from instructions or warnings to ignore embedded commands in the ingested content.
  - Capability inventory: The skill has broad capabilities including shell command execution, file system access, and remote deployment of worker code.
  - Sanitization: The instructions do not specify any sanitization, validation, or filtering of the content retrieved from the Notion API before it is processed by the agent.
Audit Metadata