vibe-notionbot

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the vibe-notion package from the official Node.js package registry (npm) using standard package runners like npx, bunx, or pnpm. This is the primary package required for the skill's functionality and is provided by the skill's author.
  • [COMMAND_EXECUTION]: The skill executes commands through the vibe-notionbot CLI. These operations are scoped to Notion API interactions such as searching, creating, and updating content within a workspace.
  • [DATA_EXFILTRATION]: While the skill is designed to move data between the local environment and the Notion API, it includes specific safety guidelines. It instructs the agent to strip out sensitive information (IDs, tokens, and personal content) before reporting any issues externally to the developer.
  • [PROMPT_INJECTION]: The skill includes instructions to the agent to avoid writing custom scripts and instead use the provided batch command for bulk operations. This is a functional constraint to ensure stability and does not attempt to bypass agent safety protocols.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 12:22 AM
Security Audit — agent-trust-hub — vibe-notionbot