marimo
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill provides instructions for installing the `marimo` library and its optional dependencies via `pip`. `marimo` is a well-known open-source project and the installation instructions provided are standard and benign.
- [DYNAMIC_EXECUTION] (LOW): The skill documents the use of `mo.persistent_cache`, which utilizes Python's `pickle` module for disk-based serialization. While `pickle` can be unsafe if used with untrusted data, this is an expected feature for the documented environment's primary purpose of local data science development.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill documents surfaces for ingesting external data (e.g., CSV, SQL, remote URLs) into a notebook context.
  1. Ingestion points: Documented in `references/sql.md` (remote CSV/S3) and `references/media.md` (remote images/audio).
  2. Boundary markers: Not explicitly defined in basic code examples, but security isolation via `mo.iframe` is documented in `references/html.md`.
  3. Capability inventory: The tool possesses capabilities for network operations (`aiohttp`), file writing (`open`), and command execution (CLI tools), which are standard for a development notebook.
  4. Sanitization: `references/html.md` provides explicit guidance on using `html.escape()` for user-provided content to prevent XSS.
- [SAFE] (SAFE): The scanner alert for a blacklisted URL in `sql.md` refers to `https://example.com/data.csv`, which is a standard documentation placeholder and constitutes a false positive.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata