The Agent Skills Directory

[DATA_EXFILTRATION]: Accesses a sensitive file path to retrieve an authentication key for API requests. Evidence: The instruction NOTION_KEY=$(cat ~/.config/notion/api_key) in SKILL.md reads credentials from the local filesystem. This pattern involves reading a file containing a sensitive keyword (api_key) for subsequent use in network operations.
[PROMPT_INJECTION]: Potential surface for indirect prompt injection via the ingestion of untrusted data from the Notion API. 1. Ingestion points: Fetches page, block, and database content using curl in SKILL.md. 2. Boundary markers: Absent; there are no instructions to delineate or ignore potential commands within the fetched content. 3. Capability inventory: Subprocess calls to curl allow for network communication with the Notion API. 4. Sanitization: Absent; external content is processed without validation or escaping.

notion