data-science-notebooks
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for executing various CLI tools for notebook management and deployment, such as nbstripout, bokeh serve, jupyter nbconvert, and voila. These are standard tools in data science workflows.
- [EXTERNAL_DOWNLOADS]: The documentation includes commands to install numerous well-known Python packages from the official PyPI registry, including dash, streamlit-aggrid, and various data analysis libraries.
- [PROMPT_INJECTION]: The skill processes external data (e.g., via pandas and polars) and user-provided inputs in dashboard applications, which represents a surface for indirect prompt injection.
  - Ingestion points: Data scanning and loading operations in references/large-dataset-eda.md and interactive input components in dashboard-related reference files.
  - Boundary markers: No explicit markers are used to separate untrusted data from instructions in the provided code snippets.
  - Capability inventory: The skill demonstrates capabilities for file writing (profile.to_file), subprocess execution (nbconvert), and launching local web servers (app.run).
  - Sanitization: The skill does not demonstrate explicit validation or sanitization of content loaded from external datasets.
Audit Metadata