notcrawl
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
notcrawlCLI tool to perform various local operations, including syncing data from the Notion API and running SQL queries against a local SQLite database at~/.notcrawl/notcrawl.db. - [PROMPT_INJECTION]: The skill processes content from a Notion archive, which represents a surface for indirect prompt injection.
- Ingestion points: The agent reads Markdown files from the
~/.notcrawl/pagesdirectory. - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the SKILL.md file.
- Capability inventory: The skill provides access to the
notcrawlCLI for search and data extraction. - Sanitization: No sanitization or validation of the ingested Notion content is described.
Audit Metadata