j-cli
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Flags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill is designed to execute arbitrary Python, R, or Julia code within Jupyter kernels using the j-cli exec command as its core functionality.
- [COMMAND_EXECUTION]: The skill executes shell commands to launch Jupyter servers (j-cli serve-cmd), install workflow-specific hooks (j-cli setup), and perform notebook format conversions. It utilizes nohup bash -c to manage long-running server processes.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the jupyter-jcli package from PyPI via uv tool install, which provides the underlying CLI functionality.
- [CREDENTIALS_UNSAFE]: The agent manages authentication to Jupyter servers using the JCLI_JUPYTER_SERVER_TOKEN and JCLI_JUPYTER_SERVER_URL environment variables.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection through its ingestion of external notebook and script content.
  - Ingestion points: The agent reads and processes .ipynb and .py files during conversion and execution tasks, and ingests outputs returned by Jupyter kernels.
  - Boundary markers: No specific delimiters or safety instructions are described for the agent when handling content from these files or outputs.
  - Capability inventory: The skill allows for arbitrary kernel code execution, local file system writes, and the installation of environment-level hooks.
  - Sanitization: No automated sanitization or filtering of ingested notebook content or kernel execution results is mentioned.
Audit Metadata