PostConversationClassic prompt injection attack here against Notion: hidden text (white on white) in a PDF which, when processed by Notion, causes their agent to gather confidential data from other pages and append it into a query string that gets passed to their functions_search() toolQuoteWe got @NotionHQ to leak your private Notion pages On Thursday @NotionHQ announced Notion 3.0 with support for custom agents using MCP (built by @AnthropicAI) — powerful, but dangerous. @simonw calls these MC...