notion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to call Notion API endpoints such as GET /pages, GET /blocks (page content), and /v1/search or /v1/databases/{id}/query to read user-generated Notion pages and databases, which are third-party/untrusted content that the agent would read and could materially influence subsequent actions (e.g., creating/updating pages).