vibe-notionbot
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
vibe-notionpackage from the official Node.js package registry (npm) using standard package runners likenpx,bunx, orpnpm. This is the primary package required for the skill's functionality and is provided by the skill's author. - [COMMAND_EXECUTION]: The skill executes commands through the
vibe-notionbotCLI. These operations are scoped to Notion API interactions such as searching, creating, and updating content within a workspace. - [DATA_EXFILTRATION]: While the skill is designed to move data between the local environment and the Notion API, it includes specific safety guidelines. It instructs the agent to strip out sensitive information (IDs, tokens, and personal content) before reporting any issues externally to the developer.
- [PROMPT_INJECTION]: The skill includes instructions to the agent to avoid writing custom scripts and instead use the provided
batchcommand for bulk operations. This is a functional constraint to ensure stability and does not attempt to bypass agent safety protocols.
Audit Metadata