datalore-notebook
Warn
Audited by Snyk on Jun 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The skill’s runtime workflow calls the Datalore Notebook API to fetch cell
sourceand especially executionoutputs(includingTEXT/HTML/TABLEcontent) viascripts/datalore cells --include-outputs/cell get/cell outputs, and those returned free-form strings are then printed/serialized into the agent’s context; these outputs are authored by the notebook/kernel (i.e., not the operating user’s chosen chat prompt), creating an indirect prompt-injection surface.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata