skills/alffei/skill_share/notebooklm/Gen Agent Trust Hub

notebooklm

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads and installs the Google Chrome browser binary during its environment setup process. This is performed via the patchright library's installation command to ensure a consistent browser environment for automation.
  • [COMMAND_EXECUTION]: The skill infrastructure relies on subprocess.run to manage its environment. Specifically, it uses shell commands to create Python virtual environments, install dependencies from requirements.txt, and execute internal scripts such as ask_question.py and auth_manager.py.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests untrusted data from the NotebookLM web interface, which then influences the agent's research behavior.
    • Ingestion points: scripts/ask_question.py and scripts/browser_session.py extract text from the .message-text-content elements on notebooklm.google.com.
    • Boundary markers: No specific boundary markers or instructions to ignore embedded commands within the scraped content were identified.
    • Capability inventory: The skill has the ability to execute shell commands (via its setup and run wrappers), access the local filesystem for library management, and perform network operations via browser automation.
    • Sanitization: No explicit sanitization or filtering of the text content retrieved from the web page is performed before it is presented to the agent.
  • [DATA_EXPOSURE]: The skill stores browser session data, including authentication cookies and local storage state, in data/browser_state/state.json. While this is a functional requirement for persistent browser automation, it involves the local storage of sensitive session credentials.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 1, 2026, 12:59 PM