Skills
NYC
skills/smithery/ai/notion/Gen Agent Trust Hub

notion

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [Data Exposure & Exfiltration] (SAFE): The skill accesses a local configuration file at ~/.config/notion/api_key to retrieve the API key. This is the intended primary purpose of the skill for authentication with the Notion service. The key is only transmitted to the legitimate api.notion.com domain.
  • [Indirect Prompt Injection] (LOW): The skill reads content from external Notion pages and databases which may contain malicious instructions designed to influence the agent's behavior.
  • Ingestion points: API endpoints in SKILL.md for fetching block children (/v1/blocks/{page_id}/children) and querying data sources (/v1/data_sources/{data_source_id}/query).
  • Boundary markers: Absent. The instructions do not include delimiters or warnings to ignore instructions within the retrieved data.
  • Capability inventory: The agent can perform CRUD operations on the user's Notion workspace and make network requests to the Notion API.
  • Sanitization: Absent. The skill provides no mechanisms for filtering or escaping content retrieved from the API before processing.
  • [Command Execution] (SAFE): The skill provides standard curl commands for interacting with the Notion API. These are routine operations for an API-based skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:40 PM