openai-jupyter-notebook
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill suggests installing the standard packages jupyterlab and ipykernel via uv pip. These are well-known, legitimate packages from the standard PyPI registry.
- Command Execution (LOW): The skill executes a local script, scripts/new_notebook.py, through uv run. This is used to safely generate the notebook JSON structure from templates, avoiding complex shell injections.
- Indirect Prompt Injection (LOW): The skill ingests user-provided data to populate notebook titles.
  - Ingestion points: User input for notebook titles and content is processed via the new_notebook.py and SKILL.md workflows.
  - Boundary markers: No specific delimiters or safety instructions are used when inserting user content into the notebook markdown cells.
  - Capability inventory: The skill allows the Bash, Write, and Edit tools, enabling it to create and potentially execute code within the generated notebooks.
  - Sanitization: Filenames are sanitized using a strict alphanumeric slugify function, but markdown content is updated directly from user input.
- Dynamic Execution (LOW): The skill generates .ipynb files, which are structured JSON scripts meant for execution. The generation is done from static templates with minimal user-controlled interpolation in the title field.
Audit Metadata