notion
Pass
Audited by Gen Agent Trust Hub on May 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute
curlcommands to perform CRUD operations (Create, Read, Update, Delete) on Notion workspace objects like pages and databases. - [DATA_EXFILTRATION]: The skill facilitates data transfer between the local environment and
api.notion.com. As Notion is a well-known productivity service and the primary target of this skill, this behavior is expected and legitimate. - [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection (Category 8) as it retrieves content from Notion pages and blocks. Maliciously crafted content within a Notion workspace could potentially attempt to influence the agent's behavior during processing.
- Ingestion points: Reads page content, database queries, and block children from
api.notion.com(SKILL.md). - Boundary markers: None identified; external content is processed directly.
- Capability inventory: Network operations via
curl(SKILL.md). - Sanitization: No specific sanitization or filtering of API responses is implemented before the content is presented to the agent.
Audit Metadata