skills/elizaos/eliza/notion/Gen Agent Trust Hub

notion

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses shell commands to manage local configurations and perform network requests.
      • The skill uses cat to read sensitive API tokens from ~/.config/notion/api_key and curl to transmit them to the Notion API.
      • It provides commands to write configuration data using echo.
  • [EXTERNAL_DOWNLOADS]: Performs network operations to communicate with the Notion API.
      • Requests are directed to api.notion.com, which is a well-known service associated with the skill's primary purpose.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection through data ingested from external Notion resources.
      • Ingestion points: Reads page content, blocks, and database query results from the Notion API (SKILL.md).
      • Boundary markers: Absent. The skill does not provide instructions to the agent to treat Notion content as untrusted or to use delimiters.
      • Capability inventory: Uses curl for network operations and cat/echo for file system access (SKILL.md).
      • Sanitization: Absent. There is no logic provided to escape or validate data retrieved from Notion before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 17, 2026, 07:56 AM