notion-db

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches Notion pages via the Notion API (see SKILL.md "get-markdown"/query and scripts/notion_db.py functions notion_query / notion_get_page_markdown), thereby ingesting user-generated, public/third-party page content that the agent is intended to read and could influence subsequent actions (e.g., updates), so it exposes the agent to potential indirect prompt injection.