bio-reporting-jupyter-reports
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill uses `papermill.execute_notebook()` and `jupyter nbconvert --execute`, which execute arbitrary Python code defined within `.ipynb` files. If an attacker provides a malicious notebook template, it results in immediate code execution on the host.
- [Indirect Prompt Injection] (HIGH): The skill ingests external data (e.g., `data/counts.csv`) and parameters which are interpolated into the notebook environment. Without strict boundary markers or sanitization, malicious data could influence the code execution logic within the notebooks.
- [Dynamic Execution] (HIGH): The core functionality involves runtime execution of code generated or stored in external notebook files. This is a high-privilege operation that requires a trusted environment and verified templates to be safe.
- [Command Execution] (MEDIUM): The skill invokes shell commands via `jupyter nbconvert`. If file names or paths are sourced from user-provided data, this could lead to shell command injection.
Recommendations
- AI detected serious security threats