jupyter-notebook-assistant
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes content from untrusted .ipynb files provided by the user. Reading and parsing external notebook content into the agent context creates an indirect prompt injection surface where instructions embedded in the notebook cells could influence the agent's behavior.
  - Ingestion points: The skill reads notebook.ipynb using json.load in Step 1 and processes cell source code in multiple steps.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the processing logic.
  - Capability inventory: The skill utilizes the Write tool to create new files (utils.py, requirements.txt, script.py) and the Bash tool to execute external commands.
  - Sanitization: Content is filtered using regex (e.g., Step 5 for imports) and standard conversion libraries (nbconvert), but raw cell strings are otherwise handled directly.
- [EXTERNAL_DOWNLOADS]: The skill instructions suggest the installation of well-known third-party development tools using pip to facilitate notebook maintenance.
  - Evidence: References to black[jupyter], nbqa, and jupytext are provided as automated cleanup tools.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run standard utilities for notebook conversion, formatting, and linting.
  - Evidence: Use of jupyter nbconvert, black, and nbqa commands to process local files.
Audit Metadata