Hey HN — yesterday Notion released AI agent support on their platform with support for MCP servers and custom AI agents. It didn’t take us long to find an example of a lethal trifecta attack in which, through indirect prompt injection, we were able to get Notion AI to leak data via its web search tool.
