notion-api
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill is designed to retrieve authentication tokens from a local configuration file if environment variables are not provided.
- Evidence: In `scripts/notion-api.mjs`, the `readKey` function attempts to read from `~/.config/notion/api_key` to authenticate API requests.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes data from external Notion sources that can be controlled by third parties.
- Ingestion points: `scripts/notion-api.mjs` fetches search results, database queries, and block content from the Notion API.
- Boundary markers: Absent. The output does not include delimiters or specific instructions for the agent to disregard instructions within the data.
- Capability inventory: The skill can create pages, update blocks, and append content to pages via the Notion API.
- Sanitization: Absent. The script outputs raw JSON from the API to stdout without filtering or escaping content.
Audit Metadata