notebook-repro-packager
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The validation utility
scripts/quick_validate_skill.pyusessubprocess.runto execute the skill's own contract test suite (tests/test_skill_contract.py). This is a legitimate development practice for ensuring skill portability.\n- [COMMAND_EXECUTION]: The contract test scripttests/test_skill_contract.pyemploys the Pythoncompile()function to perform static syntax checks on the skill's scripts to ensure they are valid and portable.\n- [PROMPT_INJECTION]: The skill includes specifically labeled adversarial test fixtures (e.g., intests/fixtures/adversarial.md) designed to evaluate the agent's ability to resist user attempts to bypass safety guidelines or quality rubrics. These are used for internal benchmarking and defensive training.\n- [EXTERNAL_DOWNLOADS]: The skill's documentation links to research papers and industry guidelines from well-known technology organizations and academic institutions (e.g., Microsoft, Anaconda, arXiv) to provide design grounding and best practices.\n- [DATA_EXFILTRATION]: While the skill analyzes local files (notebooks, schemas, logs), it includes explicit instructions in its operating rules and provider guidelines to never upload private data to external services without human authorization.
Audit Metadata