notebook-repro-packager

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The validation utility scripts/quick_validate_skill.py uses subprocess.run to execute the skill's own contract test suite (tests/test_skill_contract.py). This is a legitimate development practice for ensuring skill portability.\n- [COMMAND_EXECUTION]: The contract test script tests/test_skill_contract.py employs the Python compile() function to perform static syntax checks on the skill's scripts to ensure they are valid and portable.\n- [PROMPT_INJECTION]: The skill includes specifically labeled adversarial test fixtures (e.g., in tests/fixtures/adversarial.md) designed to evaluate the agent's ability to resist user attempts to bypass safety guidelines or quality rubrics. These are used for internal benchmarking and defensive training.\n- [EXTERNAL_DOWNLOADS]: The skill's documentation links to research papers and industry guidelines from well-known technology organizations and academic institutions (e.g., Microsoft, Anaconda, arXiv) to provide design grounding and best practices.\n- [DATA_EXFILTRATION]: While the skill analyzes local files (notebooks, schemas, logs), it includes explicit instructions in its operating rules and provider guidelines to never upload private data to external services without human authorization.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 09:30 AM
Security Audit — agent-trust-hub — notebook-repro-packager