marimo-notebook
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The core functionality involves generating Python scripts and executing them via 'uv run'. This path allows an attacker to influence the generated code through the agent's input, leading to arbitrary code execution.
- [COMMAND_EXECUTION] (MEDIUM): The skill provides explicit shell commands for notebook management and documentation retrieval, including dynamic execution of Python code strings via 'uv --with marimo run python -c'.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted user requirements to produce executable code without using boundary markers or input sanitization. This is critical because the generated code has high-privilege capabilities such as file system and database access.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Includes references to libraries like 'wigglystuff' from non-trusted domains and contains a URL ('https://my-catalog.com') flagged as blacklisted by automated security scanners.
- [CREDENTIALS_UNSAFE] (LOW): Documentation templates in 'references/SQL.md' demonstrate hardcoding of access tokens and database connection strings, which are handled as plain text in generated files.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata