jupyter-notebook-writing
Fail
Audited by Snyk on May 9, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and recommends placing real API keys directly on the command line (e.g., OPENAI_API_KEY="sk-real-key" jupyter execute...), which would require the agent to include secret values verbatim in generated commands, an exfiltration risk.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The notebook uses WebBaseLoader at runtime to fetch external webpages (https://lilianweng.github.io/posts/2023-06-23-agent/ and https://lilianweng.github.io/posts/2023-03-15-prompt-engineering/), and those fetched documents are loaded into the vectorstore and injected into the model prompt/context (via similarity_search), so remote content directly influences/controls the agent's responses.
Issues (2)
W007
HIGH: Insecure credential handling detected in skill instructions.
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata