marimo-notebooks

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/convert_notebook.py uses subprocess.run to invoke the marimo CLI for notebook conversion. This is a standard functional requirement and does not use a shell, minimizing injection risks.
  • [PROMPT_INJECTION]: The skill is designed to process external notebook files (.ipynb), which creates a surface for indirect prompt injection. However, this ingestion is core to the skill's purpose as a developer tool, and no malicious patterns were identified in the skill's own instructions.
  • [EXTERNAL_DOWNLOADS]: The documentation references standard package installations and data access patterns for the marimo ecosystem. These are documented features and do not represent unauthorized network activity.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 06:14 AM