moai-connector-notion
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes external data which could contain malicious instructions. Evidence:
  1. Ingestion points: Notion API query results and WebFetch tool outputs.
  2. Boundary markers: None identified in the prompt logic.
  3. Capability inventory: The skill allows for bash command execution (Bash tool) and write operations to the Notion workspace.
  4. Sanitization: No evidence of input validation or escaping for the ingested content.
- Credential Handling (SAFE): The implementation uses best practices by retrieving the Notion API key from environment variables (os.getenv).
Audit Metadata