notion-sync
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local CLI tool named `hikma-sync` using the `uv` package manager. The commands are targeted at a specific local directory (~/Development/hikmaAI/automation/hikmaai_notion_obsidian_sync/) and are used for synchronizing data between Notion and an Obsidian vault.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests data from external Notion pages and databases (ingestion points) to generate AI summaries. An attacker with access to the Notion workspace could embed malicious instructions in a page that might influence the agent's behavior during the summary generation phase. There are no explicit boundary markers or sanitization logic defined in the skill to handle untrusted input from Notion.
Audit Metadata