Skills
skills/iemong/agent-skills/notion-db/Gen Agent Trust Hub

notion-db

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The script reads local files when paths are provided through arguments such as --filter-file, --sorts-file, or --properties-file. Although it attempts to parse the content as JSON and will fail on invalid formats, this represents a local data ingestion surface.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations targeting api.notion.com to facilitate communication with the Notion service. This is a well-known service and is consistent with the skill's stated purpose.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (IPI) as it ingests untrusted data from the Notion API that is subsequently processed by the agent.
  • Ingestion points: Data is retrieved from the Notion API via the notion_query and notion_get_page_markdown functions in scripts/notion_db.py.
  • Boundary markers: The script outputs raw data within a structured JSON object but does not implement specific delimiters or warnings for the agent to ignore instructions embedded in the content.
  • Capability inventory: The skill has Bash and Read permissions, enabling it to execute local Python scripts and read filesystem contents.
  • Sanitization: There is no evidence of content sanitization or instruction filtering for data fetched from the external API.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute its primary logic in scripts/notion_db.py. While the script logic itself is restricted to API interactions and file reading, the capability is essential for its operation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 03:32 AM