Security risk report for @forgecat/openai_skills_jupyter-notebook v0.0.10
Source Integrity
Low
Profile is sourced from OpenAI's official skills repository (github.com/openai/skills) with a clear commit hash and Apache-2.0 license.
Metadata is transparent: author, original repository, version, and commit date are all documented.
Agent Intent
Low
Content describes legitimate Jupyter notebook scaffolding workflows with no instructions to manipulate the AI, read credentials, or exfiltrate data.
References to helper scripts and templates are standard development practices; no guidance poisoning or malicious knowledge injection detected.
Documentation focuses on reproducible notebook structure, patterns, and quality checks—all aligned with the stated purpose of creating clean, educational notebooks.
Quality checklist emphasizes validation and transparency: 'If execution is not possible, call out the risk and how to validate locally.'
No instructions to ignore system prompts, read ~/.ssh, disable security, or install attacker-controlled dependencies.
Permissions
Low
No tools or hooks are declared in the profile; the skill is purely instructional documentation.
References to file operations (reading templates, writing notebooks) are scoped to the skill's own directory and user output paths.
No shell, file_delete, or excessive agency patterns detected.
Details
Evidence
Declared tools: (none)
File operations are limited to: `assets/experiment-template.ipynb`, `assets/tutorial-template.ipynb`, `tmp/jupyter-notebook/`, and `output/jupyter-notebook/`.
Environment setup is optional and user-initiated: `export JUPYTER_NOTEBOOK_CLI=...`
MCP Risk
Low
No MCP servers are defined in the profile.
No hidden instructions in tool descriptions or arbitrary binary execution.
The helper script `new_notebook.py` is bundled and uses only the Python standard library.
Details
Evidence
MCP servers: (none)
Script note: 'The bundled scaffold script uses only the Python standard library and does not require extra dependencies.'