notion-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md shows it fetches and ingests content from public/third-party Notion databases and pages (via notion-search / notion-fetch on Projects, Engineering Specs, Design Briefs, etc.), treats that untrusted/user-generated content as input to mapping/auto-mapping logic and creation/updating of initiatives (including auto-map thresholds and sync-driven actions), so third-party content can materially influence agent decisions and tool use.