dt-app-notebooks
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous examples and instructions for using
jqand shell commands to parse, extract, and validate notebook JSON data. These operations are standard for the intended technical workflows and operate on local files. - [PROMPT_INJECTION]: The skill processes notebook content that could originate from external or untrusted sources, creating a surface for indirect prompt injection.
- Ingestion points: Notebook data is ingested from files like
notebook.jsonduring analysis and modification tasks. - Boundary markers: The instructions do not specify any delimiters or safety prompts to prevent the agent from following instructions embedded within the notebook's markdown or query fields.
- Capability inventory: The skill's environment includes tools for filesystem access and command execution (
jq,cat,bash). - Sanitization: No sanitization or validation of the extracted content is performed before the agent processes it.
- [COMMAND_EXECUTION]: The skill facilitates the creation of notebook 'function' sections that contain JavaScript or TypeScript code. Although this code is meant for the Dynatrace environment, the generation of executable scripts from user-influenced templates is a form of dynamic execution.
Audit Metadata