pp-notion

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill performs installations via npx -y @mvanhorn/printing-press and go install from github.com/mvanhorn/printing-press-library. These resources are owned and maintained by the skill author.
  • [COMMAND_EXECUTION]: The skill's primary functionality relies on executing the notion-pp-cli binary to manage Notion resources.
  • [DATA_EXFILTRATION]: The CLI supports a --deliver webhook:<url> flag that allows the agent to transmit Notion workspace data to external endpoints.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
  • Ingestion points: Untrusted data enters the agent context through Notion pages, databases, and comments retrieved at runtime.
  • Boundary markers: There are no markers or instructions to isolate retrieved data from agent logic.
  • Capability inventory: The skill possesses capabilities to execute shell commands, write to local files (--deliver file:), and make outbound network requests (--deliver webhook:).
  • Sanitization: No validation or sanitization of content retrieved from external sources is performed before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 23, 2026, 05:23 PM
Security Audit — agent-trust-hub — pp-notion