notebooklm-import
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
notebooklmCLI tool and local Python scripts (import_sources.py,extract_passages.py,resolve_citations.py) to manage notebook data and vault files. Commands are primarily used for authentication, data retrieval, and citation resolution. - [EXTERNAL_DOWNLOADS]: The skill requires installing the
notebooklm-pypackage from PyPI and downloading browser binaries using Playwright (playwright install chromium). These are external dependencies not affiliated with a trusted organization. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) by processing untrusted data from external NotebookLM notebooks (titles, summaries, and Q&A answers).
- Ingestion points: Data enters the system via JSON exports from the NotebookLM CLI which are then processed by scripts.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing logic.
- Capability inventory: The skill can execute local shell commands and perform arbitrary file writes within the Obsidian vault.
- Sanitization: File paths are sanitized for illegal characters, but the content of the imported text is not filtered for potential malicious instructions that could influence the agent during later interactions with the vault files.
Audit Metadata