skills/wellapp-ai/well/notion-sync/Gen Agent Trust Hub

notion-sync

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • Data Exposure (LOW): A hardcoded Notion Database ID (256c4d5e-7bea-80ca-ba8d-c0ba0bb881c6) is present in the Standard Field Reference section, revealing internal organizational structure.
  • Indirect Prompt Injection (LOW): The skill ingests untrusted data and interpolates it into Notion blocks and properties.
      1. Ingestion points: PR-URL, branch-name, plan-content, and session metrics from external skills.
      2. Boundary markers: Absent; data is directly inserted into template fields.
      3. Capability inventory: Write access to external Notion pages via API-patch-page, API-post-page, and API-patch-block-children.
      4. Sanitization: Absent; no logic is present to validate or escape external content before transmission to Notion.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:44 PM