skills/openhands/skills/jupyter/Gen Agent Trust Hub

jupyter

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [Command Execution] (LOW): The skill utilizes jupyter nbconvert --execute to run code contained within .ipynb files. This is the primary function of the skill, but executing untrusted notebooks can lead to arbitrary code execution on the host system.
  • [Indirect Prompt Injection] (LOW): The skill processes Jupyter notebook files which are external data sources that may contain malicious instructions.
      • Ingestion points: The skill reads notebook.ipynb using json.load().
      • Boundary markers: No delimiters or warnings are used to prevent the agent from obeying instructions embedded in notebook cells.
      • Capability inventory: The skill performs file system writes, searches via grep, and code execution via nbconvert.
      • Sanitization: There is no validation or sanitization of notebook cell content prior to execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:33 PM