notion-sdk

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user to input their Notion integration token and demonstrates embedding it directly into code (e.g., Client(auth="ntn_...")) and calling validate_token(), which requires the LLM to handle and potentially output the secret verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly reads and processes user-generated Notion content (e.g., SKILL.md Quick Start and Query Database examples and the functions in scripts/query_database.py: query_data_source/search_workspace and scripts/add_blocks.py: get_block_children/append_blocks) — so arbitrary third‑party pages/blocks can be ingested and could materially influence subsequent API actions.