notion
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: Credential Safety: The skill correctly manages authentication by checking for the
NOTION_INTEGRATION_KEYenvironment variable or asking the user for it, which avoids hardcoding sensitive secrets. - [SAFE]: Verified Communication: All network operations are directed to official Notion API domains (
api.notion.com). - [PROMPT_INJECTION]: Indirect Prompt Injection Surface: The skill interacts with the Notion API to retrieve page content and search results. This establishes an ingestion surface where malicious instructions could potentially be embedded in Notion data. This surface is expected for a skill designed to manage external knowledge bases.
- Ingestion points: api.notion.com/v1/search and api.notion.com/v1/pages (README.md and SKILL.md).
- Boundary markers: Not present; data is piped directly into the agent's context.
- Capability inventory: Execution of shell commands using
curlandjqto interact with the external API. - Sanitization: No explicit content sanitization or validation is applied to the retrieved JSON data before processing by the agent.
Audit Metadata