notion-sync

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill is configured to read a Notion API key from a local configuration file at ~/.config/notion/api_key, as documented in SKILL.md and implemented in sync.py.
  • [DATA_EXFILTRATION]: The sync.py script performs network requests to the well-known service api.notion.com. It transmits information provided via command-line arguments and credentials retrieved from the local filesystem.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it retrieves and displays content (such as task names and notes) from Notion databases which may be influenced by external parties.
  • Ingestion points: Data is fetched from Notion databases in sync.py using the query_db and find_page functions.
  • Boundary markers: The script does not implement delimiters or specific instructions to the agent to ignore potentially malicious content within the retrieved data.
  • Capability inventory: The skill has the capability to perform network requests, read local files, and modify content in Notion databases.
  • Sanitization: While the script uses json.dumps for outgoing API requests, it does not sanitize or escape the content retrieved from Notion before printing it to the console.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 3, 2026, 05:29 PM