notion-operations
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill's example code accepts an apiKey parameter and concatenates it directly into Authorization headers for HTTP requests, which requires the agent to accept and embed secret API tokens verbatim in outputs/requests.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill ingests and processes third-party content — e.g., the "Link Collection" pattern ("Webhook (URL) → Fetch Content → AI Analysis"), URL-based deduplication, and fields like Source: 'YouTube' and Transcript — and also queries Notion pages (user-generated content), which the agent reads and interprets as part of its workflow.