skills/nyosegawa/notion-cli/notion/Gen Agent Trust Hub

notion

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is built around the execution of the ncli command-line utility to perform workspace operations such as searching, fetching page content, and managing databases.
  • [DATA_EXFILTRATION]: The skill provides functionality via the ncli file upload command to transmit local files to Notion's servers. This capability could be leveraged to exfiltrate sensitive local data if the agent is manipulated into uploading unauthorized files.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it retrieves data from external sources (Notion pages) and possesses significant workspace modification and file upload capabilities. An attacker could place malicious instructions in a Notion page that the agent might execute after fetching it.
      • Ingestion points: Page and database content retrieved via ncli search and ncli fetch in SKILL.md.
      • Boundary markers: No explicit markers or instructions are provided to help the agent distinguish between data and potential instructions within fetched content.
      • Capability inventory: Extensive workspace modification tools (create, update, move, delete) and file upload functionality (ncli file upload) are documented in SKILL.md and references/command-reference.md.
      • Sanitization: No mechanism for sanitizing or validating external content is mentioned before it is processed by the agent.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 21, 2026, 09:17 AM