notion-sdk
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes the official and well-known notion-client library for all API operations, ensuring that the integration follows documented and secure protocols.
- [SAFE]: Authentication is handled securely through the AskUserQuestion tool, which prompts the user for a token at runtime, avoiding the risk of hardcoded credentials or insecure storage.
- [SAFE]: Data management is performed using structured property and block builders (e.g., scripts/create_page.py, scripts/add_blocks.py), which act as a robust sanitization layer by ensuring all input is correctly formatted for the Notion API schema.
- [SAFE]: No signs of obfuscation, remote code execution from untrusted sources, or privilege escalation were found. The skill maintains a clear mapping between its stated purpose and its implementation.
- [SAFE]: The potential for indirect prompt injection from Notion content is mitigated by the skill's design, which processes results through structured objects and provides clear documentation on handling pagination and read-after-write consistency.
Audit Metadata