pp-notion
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs installations via `npx -y @mvanhorn/printing-press` and `go install` from `github.com/mvanhorn/printing-press-library`. These resources are owned and maintained by the skill author.
- [COMMAND_EXECUTION]: The skill's primary functionality relies on executing the `notion-pp-cli` binary to manage Notion resources.
- [DATA_EXFILTRATION]: The CLI supports a `--deliver webhook:<url>` flag that allows the agent to transmit Notion workspace data to external endpoints.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
  - Ingestion points: Untrusted data enters the agent context through Notion pages, databases, and comments retrieved at runtime.
  - Boundary markers: There are no markers or instructions to isolate retrieved data from agent logic.
  - Capability inventory: The skill possesses capabilities to execute shell commands, write to local files (`--deliver file:`), and make outbound network requests (`--deliver webhook:`).
  - Sanitization: No validation or sanitization of content retrieved from external sources is performed before it is processed by the agent.
Audit Metadata