notebooklm
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a `run.py` wrapper and `setup_environment.py` script to automatically create a Python virtual environment and install dependencies using `subprocess.run`.
- [COMMAND_EXECUTION]: The initialization process in `scripts/__init__.py` and `scripts/setup_environment.py` executes system commands to install the `patchright` automation package and Google Chrome browser binaries.
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs external software, specifically the Google Chrome browser and the `patchright` library, during the environment setup phase to facilitate browser automation.
- [PROMPT_INJECTION]: The skill includes explicit instructions in `SKILL.md` (Follow-Up Mechanism) that direct the agent to analyze output for specific markers and potentially initiate additional queries, which guides the agent's decision-making process based on external script output.
- [PROMPT_INJECTION]: As the skill retrieves and displays content from external Google NotebookLM documents, it is vulnerable to indirect prompt injection if those documents contain instructions designed to manipulate the agent's behavior during processing.
- [DATA_EXFILTRATION]: The skill stores sensitive browser session data, including cookies and storage state, in the local directory `~/.claude/skills/notebooklm/data/browser_state/` to maintain authentication across sessions.
Audit Metadata