notion-webhooks

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill provides handlers for receiving and processing external data via webhooks.
  • Ingestion points: POST /webhooks/notion endpoints in the provided code examples for Express, FastAPI, and Next.js.
  • Boundary markers: The implementations enforce HMAC-SHA256 signature verification using the X-Notion-Signature header and a shared secret (NOTION_VERIFICATION_TOKEN) before processing any request body.
  • Capability inventory: The handler examples are limited to logging event types and entity identifiers to the console. No high-risk capabilities such as file system modifications or subprocess execution are present.
  • Sanitization: The input data is parsed using standard JSON libraries.
  • [DATA_EXPOSURE]: The skill guides the developer to capture a verification_token during a one-time handshake process required by Notion. The token is logged to the console for the developer to configure their environment, which is the intended procedure for establishing the webhook subscription.
  • [EXTERNAL_DOWNLOADS]: The documentation references the use of hookdeck-cli for development and testing. As this tool is provided by the vendor ('hookdeck'), it is a recognized and expected resource for use with their infrastructure.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 07:14 AM