notion
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill uses
curlto transmit data toapi.notion.com. While this is the official service endpoint, it is not on the pre-approved whitelist for exfiltration analysis. - [PROMPT_INJECTION] (LOW): The skill reads external content from Notion, creating an indirect prompt injection surface. 1. Ingestion points: Data enters the context through
api.notion.com/v1/searchand block retrieval endpoints. 2. Boundary markers: Absent; there are no instructions to the agent to treat retrieved content as untrusted. 3. Capability inventory: Shell command execution viacurlandjq. 4. Sanitization: Absent; data is displayed to the agent context without filtering.
Audit Metadata