notion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and search Notion content (e.g., "Search", "Get Page", "Get Block Children", "List Comments") and to proxy requests to external endpoints via Membrane, which causes the agent to read user-generated third-party content from Notion/APIs that could contain instructions influencing behavior.