notion-automation
Warn
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the configuration of an external MCP server at 'https://rube.app/mcp'. This introduces a dependency on an unverified third-party service that acts as the execution environment for the agent's Notion tools.
- [DATA_EXFILTRATION]: Using the Rube MCP service involves routing sensitive Notion data, database contents, and OAuth authentication processes through the 'rube.app' domain, which is not a well-known or trusted service provider.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from Notion pages and databases. 1. Ingestion points: Notion page and database content retrieved via search and fetch tools. 2. Boundary markers: Absent from the tool instructions. 3. Capability inventory: Substantial capabilities including creating, updating, and deleting Notion pages, blocks, and database schemas. 4. Sanitization: No sanitization or validation of the ingested external content is specified before processing.
Audit Metadata