notion-2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly reads and queries Notion pages and databases via the Notion API (see SKILL.md commands like "notion-cli page get <page_id>" and "notion-cli db query <database_id>"), which are user-generated, third-party Notion contents that the agent would ingest and could materially influence subsequent actions, creating a risk of indirect prompt injection.