blog-notebooklm

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run in scripts/run.py, scripts/setup_environment.py, and scripts/__init__.py to create and manage a local Python virtual environment, install required packages, and execute internal scripts. These operations are limited to the skill's own directory and are necessary for its operation.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the patchright library to download and install the Google Chrome browser during its setup phase. This is a functional requirement to enable automated interaction with the NotebookLM web interface.
  • [PROMPT_INJECTION]: The skill processes responses from Google NotebookLM, which is an indirect prompt injection surface because the notebook contents are derived from user-provided documents.
      • Ingestion points: Answer text is extracted from the browser session in scripts/ask_question.py.
      • Boundary markers: The skill appends a FOLLOW_UP_REMINDER string to queries but does not implement strict delimiters for the external content.
      • Capability inventory: The skill suite possesses shell execution capabilities via its internal wrapper scripts and standard file system access.
      • Sanitization: The retrieved notebook content is not sanitized or filtered before being returned to the agent context.

Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 02:44 AM