jupyter
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides snippets for using `jupyter nbconvert` to execute notebooks. Specifically, the command `jupyter nbconvert --to notebook --execute --inplace notebook.ipynb` triggers the execution of all code cells within the target file.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes content from external .ipynb files without safety boundaries.
- Ingestion points: Notebook content is loaded into the agent's context using json.load in Python snippets and grep in shell snippets.
- Boundary markers: No delimiters or safety instructions are defined to separate notebook content from agent instructions.
- Capability inventory: The skill uses subprocess calls to execute notebook code and provides Python snippets to write modified content back to the file system.
- Sanitization: There is no logic to sanitize or validate the content of the cells before they are processed or executed.
Audit Metadata