notebook-debug
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes CLI tools such as
marimo,jupytext, andpapermillto execute notebook code andjqto inspect the resulting outputs.\n- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by instructing the agent to process and verify the contents of executed notebook outputs, which could contain adversarial instructions.\n - Ingestion points: Reads
.ipynbfiles and execution tracebacks (SKILL.md).\n - Boundary markers: None present to distinguish between notebook data and embedded instructions.\n
- Capability inventory: Executes arbitrary Python code via notebook runners and performs shell commands (SKILL.md).\n
- Sanitization: None identified; the agent reads raw outputs and error messages directly.
Audit Metadata