Skills
skills/eturkes/claude-scientific-skills/open-notebook/Gen Agent Trust Hub

open-notebook

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it is designed to ingest and query untrusted external data sources, such as web URLs and document uploads.
  • Ingestion points: The /api/sources endpoint accepts URLs and multipart file uploads (PDF, DOCX, audio, video) as demonstrated in SKILL.md and scripts/source_ingestion.py.
  • Boundary markers: The documentation and example scripts do not specify the use of clear delimiters or instructions to ignore embedded commands within the processed data.
  • Capability inventory: The associated backend service handles network requests to fetch external content and manages AI-driven analysis pipelines.
  • Sanitization: No explicit sanitization or filtering of the ingested source content is documented.
  • [EXTERNAL_DOWNLOADS]: The quick start guide instructs users to download a deployment configuration file from an external GitHub repository.
  • Evidence: curl -o docker-compose.yml https://raw.githubusercontent.com/lfnovo/open-notebook/main/docker-compose.yml in SKILL.md.
  • [COMMAND_EXECUTION]: The documentation includes standard setup and deployment procedures that require manual execution of shell commands.
  • Evidence: Instructions for installing and launching the service using curl, export, and docker-compose are provided for user implementation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 10:50 PM