notion
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Surface for indirect prompt injection identified.
  - Ingestion points: The skill reads data from Notion pages, blocks, and search results via API endpoints defined in SKILL.md.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the documentation for handling external content.
  - Capability inventory: The skill possesses write capabilities including creating pages, updating blocks, and modifying databases throughout the SKILL.md file.
  - Sanitization: There is no evidence of content validation or sanitization for data retrieved from the Notion API.
- [COMMAND_EXECUTION]: Executes network operations using curl to interact with api.notion.com.
  - These commands are documented as the core functionality of the skill and target a well-known service domain.
Audit Metadata