notion
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the
@membranehq/clipackage from npm. This is a legitimate tool provided by the vendor (membranedev) to manage the Membrane ecosystem. - [COMMAND_EXECUTION]: The skill uses the
membranecommand-line utility for operations such as logging in, creating connections, and executing Notion actions. These commands are part of the intended and documented workflow for the integration. - [PROMPT_INJECTION]: The skill processes untrusted data from Notion (e.g., page content, blocks, and comments) through actions such as
query-databaseandlist-comments. While the skill does not explicitly provide boundary markers or sanitization steps for this ingested content, the operations are limited to the context of the Membrane CLI and its pre-defined actions.
Audit Metadata