notion
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE] (MEDIUM): The skill recommends storing a sensitive API key in a plain text file at
~/.config/notion/api_key. Unencrypted storage of credentials on the local filesystem poses a risk of exposure. - [DATA_EXFILTRATION] (MEDIUM): The skill reads the
~/.config/notion/api_keyfile and sends its content toapi.notion.comvia an Authorization header. While functionally necessary, this behavior involves accessing sensitive user files and transmitting data to an external endpoint. - [Indirect Prompt Injection] (LOW): The skill ingests external data from the Notion API, which could include adversarial instructions intended to manipulate agent behavior.
- Ingestion points: Results from
curlcalls to search, page, and block endpoints inSKILL.md. - Boundary markers: No boundary markers or isolation techniques are implemented.
- Capability inventory: The skill uses
curlfor API operations; no dynamic execution of retrieved content is detected. - Sanitization: No sanitization of ingested content from Notion is documented.
Audit Metadata