notion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — SKILL.md explicitly instructs the agent to read Notion pages, blocks, and search workspace content via the Notion API (e.g., "Read Page with Content", "Get Block Children", "Search Workspace" calls), which ingests user-generated Notion page content that could contain arbitrary/untrusted instructions.