notebooklm

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the execution of the nlm CLI tool for all operations, which involves running subprocesses to interact with the NotebookLM service.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from multiple external sources. Ingestion points: External content is retrieved via nlm source add (supporting URLs, local PDF/files, YouTube transcripts, and Google Drive documents) and through the nlm research import command. Boundary markers: The skill does not define or use delimiters or specialized instructions to prevent the agent from obeying commands embedded within the retrieved source material. Capability inventory: The agent has the ability to query these sources via AI (nlm query), generate shareable content (podcasts, videos, reports), and modify notebook permissions (nlm share public). Sanitization: There is no evidence of input validation, sanitization, or filtering of the content retrieved from external sources before it is processed by the AI.
  • [CREDENTIALS_UNSAFE]: The authentication mechanism involves extracting session cookies from the user's web browser. The nlm login command accesses sensitive browser data to maintain the session, which represents a high-sensitivity credential handling pattern.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the notebooklm-mcp-cli package (v0.3.3) from an external repository to function.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 10:59 AM