ntion-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit example of passing an auth token on the command line (ntion auth --token "secret_xxx"), which encourages embedding secrets verbatim in generated commands and thus risks secret exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill issues commands like ntion pages get, ntion blocks get, and ntion search that read and ingest user-generated Notion workspace content (third-party user content) which the agent is expected to interpret as part of its workflow, so it can expose the agent to indirect prompt injection.