jupyter-notebook
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill installs 'jupyter-databricks-kernel' from a personal GitHub repository (i9wa4/jupyter-databricks-kernel) not on the trusted list. This creates a supply-chain risk as the package content is unverified.
- [COMMAND_EXECUTION] (LOW): The skill leverages 'jupyter execute' to run code in notebooks. This is a powerful capability that allows arbitrary code execution.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection via the notebook files it executes. Evidence Chain: (1) Ingestion points: Notebook files (<notebook_path>). (2) Boundary markers: Absent. (3) Capability inventory: 'jupyter execute' runs notebook content as local system code. (4) Sanitization: Absent; the skill does not inspect notebook cells for malicious code before execution.
Audit Metadata