skills/steipete/clawdis/notion/Gen Agent Trust Hub

notion

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill reads an API key from the local path ~/.config/notion/api_key for authentication purposes. This file access is intended for credential management related to the service, and the data is sent to api.notion.com, which is the official endpoint for the Notion service.
  • [PROMPT_INJECTION]: The skill retrieves and processes content from Notion pages and databases, creating a surface for indirect prompt injection. \n
  • Ingestion points: Data enters the context via curl requests to fetch page content and block children as documented in SKILL.md. \n
  • Boundary markers: The instructions do not define delimiters or provide specific guidance to the agent to treat content retrieved from Notion as untrusted. \n
  • Capability inventory: The skill allows for network operations via curl and reading local configuration files. \n
  • Sanitization: There is no documented validation or sanitization of the data retrieved from the Notion API before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 05:07 AM
Security Audit — agent-trust-hub — notion