notion-sdk
Fail
Audited by Snyk on Feb 28, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user to provide their Notion integration token and then instructs the agent to use and validate it (e.g., Client(auth="ntn_...") and validate_token()), which requires the agent to receive the secret and embed its value verbatim in API calls or outputs.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill directly reads user-generated Notion content via the Notion API (e.g., client.data_sources.query and client.search in scripts/query_database.py, and collect_paginated_api/client.blocks.children.list in scripts/add_blocks.py and the SKILL.md examples), and the retrieved pages/blocks are consumed in workflow examples and used to drive follow-up API actions (append/update/archive), so untrusted third-party content could influence agent behavior.
Audit Metadata