jupyter-live-kernel

Fail

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone an external repository from 'https://github.com/hamelsmu/hamelnb.git' during the setup phase into a local directory (~/.agent-skills/hamelnb).
  • [REMOTE_CODE_EXECUTION]: It executes a script from the cloned repository using 'uv run', which means code from an unverified external source is run on the user's machine.
  • [COMMAND_EXECUTION]: The setup instructions provide a command to start a Jupyter server using the flags '--IdentityProvider.token=""' and '--ServerApp.password=""'. These flags intentionally disable authentication, exposing a powerful code execution environment to anyone who can reach the server's network port.
  • [PROMPT_INJECTION]: This skill presents an attack surface for indirect prompt injection.
      ◦ Ingestion points: The skill accepts arbitrary strings as Python code for the 'execute' and 'edit' commands in SKILL.md.
      ◦ Boundary markers: No delimiters or warnings to ignore instructions within the code strings are present.
      ◦ Capability inventory: The skill can execute arbitrary Python code, modify notebook files, and spawn subprocesses via 'uv run' (detailed in SKILL.md).
      ◦ Sanitization: There is no evidence of sanitization or validation of the input code before it is passed to the execution environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 27, 2026, 07:07 AM