notion-openapi-skill
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves a curated OpenAPI specification from the vendor's repository (holon-run/uxc) to configure the uxc utility. This source is associated with the skill author.
- [COMMAND_EXECUTION]: Provides instructions for creating command aliases and managing API bindings using the uxc tool.
- [CREDENTIALS_UNSAFE]: Recommends using environment variables (NOTION_API_TOKEN) and the uxc credential manager for authentication, which is a standard secure practice for secret management.
- [DATA_EXFILTRATION]: All network operations target the official Notion API domain (api.notion.com). No evidence of unauthorized data transmission was found.
- [PROMPT_INJECTION]: The skill processes potentially untrusted content from Notion (ingestion via get:/pages and get:/blocks/children in references/notion-public.openapi.json). While the skill lacks explicit prompt delimiters, it features a security guardrail in SKILL.md requiring explicit user confirmation before executing any write or delete operations (post:/pages, patch:/blocks, delete:/blocks), mitigating the risk of indirect injection attacks.
Audit Metadata