Skills
skills/makenotion/skills/notion-cli/Gen Agent Trust Hub

notion-cli

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the ntn command-line utility globally via npm using the command npm i -g ntn@latest.
  • [COMMAND_EXECUTION]: The skill relies on the execution of various ntn subcommands (e.g., ntn api, ntn files, ntn workers) which perform network operations and interact with the local environment.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes content from the Notion API and files.
  • Ingestion points: API responses from ntn api and file lists from ntn files list (SKILL.md).
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are provided to protect against malicious content in Notion pages or databases.
  • Capability inventory: The agent has the ability to perform network requests, upload files, and deploy or execute code via ntn workers (SKILL.md).
  • Sanitization: No sanitization or validation logic is defined for the data retrieved from Notion before it is used by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 06:17 PM