notion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and processes user-generated Notion content (see SKILL.md and notion-cli.js commands like query-database, get-page, search, and append-body) — i.e., it reads/searches pages and database entries from a third-party Notion workspace and then uses that content to drive actions (add/append/update, webhooks/cron automations), which could allow indirect prompt-injection via untrusted page content.