notion
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill reads an API key from the local path
~/.config/notion/api_keyfor authentication purposes. This file access is intended for credential management related to the service, and the data is sent toapi.notion.com, which is the official endpoint for the Notion service. - [PROMPT_INJECTION]: The skill retrieves and processes content from Notion pages and databases, creating a surface for indirect prompt injection. \n
- Ingestion points: Data enters the context via
curlrequests to fetch page content and block children as documented inSKILL.md. \n - Boundary markers: The instructions do not define delimiters or provide specific guidance to the agent to treat content retrieved from Notion as untrusted. \n
- Capability inventory: The skill allows for network operations via
curland reading local configuration files. \n - Sanitization: There is no documented validation or sanitization of the data retrieved from the Notion API before it is processed by the agent.
Audit Metadata