Notebook
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides the ability to execute arbitrary code snippets through a local Node.js script located at
/job/.pi/skills/notebook/notebook.js. - [COMMAND_EXECUTION]: Evidence: usage examples demonstrate running code directly from command-line arguments (e.g.,
node .../notebook.js cell "console.log('Hello')") and executing entire notebooks from local files (e.g.,node .../notebook.js run notebook.json). - [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection by processing external
notebook.jsonfiles. - [PROMPT_INJECTION]: Ingestion points:
notebook.jsonis read and processed as a notebook. Boundary markers: no delimiters or 'ignore' instructions are present in the skill definition. Capability inventory: the skill can execute arbitrary Node.js code and write/export results to the filesystem. Sanitization: no evidence of input validation or sanitization is documented for the processed notebook content.
Audit Metadata