jupyter-notebook
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill recommends installing `jupyterlab` and `ipykernel` using `uv`. While these are external dependencies, the risk is mitigated because the skill author is 'openai' (a trusted organization) and the packages are industry standards for Jupyter environments.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection through the `--title` argument in `scripts/new_notebook.py`.
  - Ingestion points: User-provided title via the `--title` CLI argument.
  - Boundary markers: The title is placed inside a markdown cell, prefixed with '# Experiment:' or '# Tutorial:'.
  - Capability inventory: The script writes `.ipynb` files to the local filesystem using `json.dump` and creates directories using `pathlib`.
  - Sanitization: The title is slugified for use in the filename, which prevents path traversal, but the raw input string is interpolated directly into the notebook's markdown source without escaping or validation.
Audit Metadata