generate-validation-notebook
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using gh (GitHub CLI) and git to retrieve repository metadata and file contents. It also runs local Python scripts and invokes the open command to launch the generated notebook URL in the user's browser.
- [DATA_EXFILTRATION]: The skill transmits dbt model definitions and SQL queries to the Monte Carlo platform by encoding them into a URL fragment. This is a functional requirement for the notebook import feature, and the destination domain (getmontecarlo.com) aligns with the author's identity ('monte-carlo-data').
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes untrusted data from GitHub PRs (diffs, comments, and file contents).
  - Ingestion points: Data enters the context via gh pr view, gh pr diff, and gh api calls in SKILL.md (Phase 1).
  - Boundary markers: The instructions do not define explicit delimiters to isolate untrusted content from the agent's logic.
  - Capability inventory: The skill can execute shell commands (gh, git, python3) and write to the local filesystem (/tmp/validation_notebook_working/).
  - Sanitization: While helper scripts use yaml.safe_load(), there is no explicit validation or sanitization of the SQL code extracted from PR diffs before it is incorporated into the generated notebook output.
Audit Metadata