Skills
skills/marimo-team/skills/jupyter-to-marimo/Gen Agent Trust Hub

jupyter-to-marimo

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (SAFE): The skill uses uvx to download and run the marimo package from PyPI. While this executes external code, marimo is a well-established open-source project and is essential for the skill's functionality.
  • COMMAND_EXECUTION (SAFE): Commands such as marimo convert and marimo check are executed to perform the conversion. These are standard operations for the described task.
  • Indirect Prompt Injection (LOW): The skill processes user-supplied Jupyter notebooks which are untrusted data. 1. Ingestion points: User-provided <notebook.ipynb> files. 2. Boundary markers: None; the agent is instructed to read the file contents directly. 3. Capability inventory: Command execution via uvx and file system read/write access. 4. Sanitization: No sanitization is performed on the input notebook before conversion or processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:11 PM