notebooklm
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill installation targets a repository (github.com/alfredang/skills) that is not part of the trusted organization list specified in the security framework.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of 'notebooklm-py', an unofficial third-party Python library that is not maintained by a recognized trusted entity.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from multiple external sources, creating an attack surface for indirect prompt injection. 1. Ingestion points: Research data gathered from external URLs, YouTube videos, PDFs, audio, and video files. 2. Boundary markers: No boundary markers or instructions to ignore embedded commands are identified in the documentation. 3. Capability inventory: The skill synthesizes research to generate professional slide presentations in Markdown and HTML/reveal.js formats. 4. Sanitization: No mention of input sanitization, escaping, or validation of the ingested external content is provided.
Audit Metadata