jupyter-notebooks

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes command-line interfaces for notebook manipulation, specifically calling jupytext, papermill, and jupyter nbconvert to perform structural edits and format conversions.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of code contained within .ipynb files via tools like papermill and jupyter nbconvert --execute. This allows for the execution of arbitrary code if the notebook file is provided by an untrusted source.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of external notebook files (Category 8).
    1. Ingestion points: The agent reads notebook content through nbformat.read, jupytext synchronization, and parameters passed to the EditNotebook tool.
    2. Boundary markers: No delimiters or protective instructions are provided to ensure the agent ignores malicious instructions embedded within notebook cells.
    3. Capability inventory: The agent has the capability to execute shell commands and trigger Python code execution via the Jupyter ecosystem.
    4. Sanitization: No sanitization or validation of the notebook content is performed before the data is read into the context or executed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 08:44 PM