jupyter-notebooks
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill provides tools like nb_convert.py that use the ExecutePreprocessor to run arbitrary code and shell commands within notebook cells.
- [REMOTE_CODE_EXECUTION] (HIGH): By design, the skill can launch Jupyter kernels to execute code; if an agent is tricked into running a malicious notebook, it leads to full system compromise.
- [PROMPT_INJECTION] (HIGH): The skill has a high surface for indirect prompt injection. Ingestion points: Multiple scripts load .ipynb files containing untrusted markdown and code. Boundary markers: None present to isolate data from instructions. Capability inventory: Includes full notebook execution and filesystem writes. Sanitization: Absent; content is executed without safety verification.
Recommendations
- AI detected serious security threats
Audit Metadata