jupyter-notebook
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill relies on the external jupytext utility. Instructions recommend installation through standard package managers like uv or pixi.
- [COMMAND_EXECUTION]: Execution of jupytext is required for exporting and updating notebooks. Additionally, the skill utilizes a custom Python preprocessor script (scripts/rg_ipynb_preprocessor.py) when searching notebook files with ripgrep.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted content from Jupyter notebooks, creating a surface for indirect prompt injection.
  - Ingestion points: Untrusted notebook content is read in scripts/export_text_notebook.sh and scripts/rg_ipynb_preprocessor.py.
  - Boundary markers: Content is converted to a plain text format without specific boundary markers or instructions to ignore embedded commands.
  - Capability inventory: The skill can perform file system writes and execute conversion/search tools.
  - Sanitization: While the Python preprocessor safely parses the JSON structure and filters binary blobs, it does not sanitize the text content within cells.