jupyter
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to use the
jupyter nbconvertcommand-line tool to execute notebooks and convert them between formats such as HTML, Python scripts, and Markdown. - [PROMPT_INJECTION]: Interaction with
.ipynbfiles introduces a surface for indirect prompt injection since notebooks contain user-controllable markdown and code cells. This is a characteristic of the notebook format itself. Evidence: 1. Ingestion points: The skill readsnotebook.ipynbfiles inSKILL.mdandREADME.md. 2. Boundary markers: No delimiters are specified to separate notebook data from instructions. 3. Capability inventory: Commands include notebook execution vianbconvertand file writing viajson.dump. 4. Sanitization: No content validation is performed before execution.
Audit Metadata