Skills
skills/derklinke/codex-config/jupyter-notebook/Gen Agent Trust Hub

jupyter-notebook

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python helper script (new_notebook.py) to automate the creation of Jupyter notebooks. The script performs standard file operations, such as reading JSON templates and writing generated .ipynb files to a specified output directory.
  • [EXTERNAL_DOWNLOADS]: The documentation recommends the installation of standard Jupyter ecosystem packages, specifically jupyterlab and ipykernel, using the uv package manager. These are well-known, industry-standard tools for notebook execution.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it interpolates user-provided titles directly into the Markdown cells of generated notebooks without sanitization.
  • Ingestion points: The title parameter passed to the new_notebook.py script via the --title argument.
  • Boundary markers: None. The title is placed directly into a Markdown header within the notebook JSON structure.
  • Capability inventory: The skill produces .ipynb files which are designed for code execution and narrative display. The agent is encouraged to run these notebooks to validate results.
  • Sanitization: No escaping or validation is performed on the title string within the Python script beyond standard JSON encoding, allowing for the inclusion of arbitrary Markdown or instructions that could influence subsequent agent behavior when reading the file.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 21, 2026, 09:41 AM