notion
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill retrieves data from the Notion API, which introduces an attack surface for indirect prompt injection.\n
- Ingestion points: Data is fetched from api.notion.com in the Search, Get page, Query database, List databases, and Get block children sections of SKILL.md.\n
- Boundary markers: There are no explicit markers or instructions to the agent to disregard instructions within the retrieved content.\n
- Capability inventory: The skill performs HTTP requests via curl and processes JSON with jq.\n
- Sanitization: The skill does not implement specific sanitization of the content fetched from Notion before processing it.\n- [COMMAND_EXECUTION]: The skill uses curl to interact with a well-known service (api.notion.com) and jq for data manipulation.\n
- Evidence: Multiple bash snippets in SKILL.md execute curl to perform GET, POST, and PATCH operations on the official Notion API.
Audit Metadata