notion-api
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: CRITICAL (EXTERNAL_DOWNLOADS, DATA_EXFILTRATION)
Full Analysis
- EXTERNAL_DOWNLOADS (CRITICAL): Automated scanning confirmed the presence of the malicious domain notion.users.me within the skill components. This domain is not part of Notion's official infrastructure and is known for phishing operations.
- DATA_EXFILTRATION (HIGH): The skill requires users to provide a NOTION_API_KEY. Given the presence of a blacklisted domain mimicking Notion, there is a very high probability that the skill is designed to exfiltrate these sensitive tokens to an attacker-controlled endpoint.
- COMMAND_EXECUTION (LOW): The documentation includes standard usage of curl and pip install for integration setup. While common, these actions are high-risk when performed in the context of a compromised or malicious skill.
- INDIRECT PROMPT INJECTION (LOW):
  - Ingestion points: Data is ingested from external sources via notion.databases.query.
  - Boundary markers: No boundary markers or 'ignore' instructions are used to separate ingested content from system prompts.
  - Capability inventory: The skill uses the notion-client SDK to perform full CRUD operations on pages and databases.
  - Sanitization: There is no evidence of input validation or escaping for the data fetched from Notion databases.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata