notion
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides shell command templates using
curlto interact with the Notion API. - [DATA_EXFILTRATION]: The skill reads a sensitive API key from a local file located at
~/.config/notion/api_key. While this key is transmitted to a well-known service (api.notion.com), the access to sensitive configuration files on the filesystem is documented as a data access pattern. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it retrieves content from Notion pages and databases. This external data could contain instructions that influence agent behavior. 1. Ingestion points: Page blocks and search results fetched from the Notion API. 2. Boundary markers: None provided in the command templates. 3. Capability inventory: Network requests via
curl. 4. Sanitization: No explicit sanitization or validation of the retrieved content is performed.
Audit Metadata