notion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md explicitly documents using Membrane to call Notion APIs (e.g., get-page, get-block-children, list-comments, search) which fetch and expose user-generated Notion pages/comments that the agent would read and could contain arbitrary instructions influencing subsequent actions.