better-notion
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE, CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [SAFE]: Interacts with the official Notion API (api.notion.com), a well-known service, for data management operations.
- [CREDENTIALS_UNSAFE]: The skill instructs the user to store a Notion API key in plain text in a predictable file path (~/.config/notion/api_key) and later reads it via command substitution.
- [PROMPT_INJECTION]: Indirect Prompt Injection:
  - Ingestion points: The skill fetches content from Notion pages, blocks, and databases (SKILL.md).
  - Boundary markers: No markers are defined to separate untrusted Notion content from instructions.
  - Capability inventory: The skill has the capability to perform CRUD operations on Notion data.
  - Sanitization: No sanitization or validation of data retrieved from Notion is specified.
- [COMMAND_EXECUTION]: Employs shell commands (curl) with placeholder interpolation for IDs and data. If these placeholders are populated from untrusted sources without validation, the result could be command injection.