NYC

marimo-batch

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill references 'wigglystuff', an unknown and unverifiable library, to handle sensitive credentials such as OpenAI and W&B API keys. Using unvetted libraries for security-critical tasks is a risk.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection because it processes untrusted data from CLI arguments and UI inputs without explicit delimiters. This data could potentially influence the agent's code-generation logic.
      • Ingestion points: mo.cli_args() and UI batch forms in SKILL.md.
      • Boundary markers: Not specified.
      • Capability inventory: Writing and modifying executable Python scripts (Marimo notebooks).
      • Sanitization: Type checking via Pydantic.
  • [DATA_EXFILTRATION] (LOW): Code examples include automated network calls to third-party services to validate credentials, which involves transmitting sensitive tokens.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 19, 2026, 04:57 PM