notion-hub

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and returns user-generated Notion content (see SKILL.md and the script's cmd_page_read, cmd_blocks_get, cmd_comments_list which output Markdown/JSON for AI consumption), and that untrusted content could contain embedded instructions that the agent may read and then act on via commands like page-write, block-append or db-add-row, enabling indirect prompt injection.