notion-api
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): Automated scanners flagged the URL 'notion.users.me' as malicious or blacklisted. This domain is not an official Notion property (which typically uses notion.so or notion.site) and its inclusion in the skill metadata or associated files represents a high risk of redirection to a malicious site.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its data processing workflows. * 1. Ingestion points: notion.databases.query in README.md. * 2. Boundary markers: Absent; there are no instructions to the agent to ignore potentially malicious content within the fetched Notion data. * 3. Capability inventory: The skill has the ability to read and modify a user's Notion workspace via the API. * 4. Sanitization: No sanitization or validation of the retrieved Notion data is implemented in the provided examples.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata