notion
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill provides instructions for the user to manually store an API key in a local configuration file (
~/.config/notion/api_key) and usescatto retrieve it. This is a common and acceptable pattern for local CLI tool configuration. - [EXTERNAL_DOWNLOADS]: The skill interacts exclusively with
api.notion.com. Notion is a well-known and established productivity service, making this a trusted communication channel for the skill's intended purpose. - [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: The skill retrieves content from Notion pages and database queries which may contain external or untrusted data (SKILL.md).
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are included in the prompt templates.
- Capability inventory: The skill uses shell commands (
curl) for network operations and possesses basic filesystem capabilities (mkdir,echo,cat) for configuration management. - Sanitization: There is no evidence of data sanitization or validation for content fetched from the Notion API.
Audit Metadata