notebooklm-video-research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection as it ingests untrusted data from external sources.\n
- Ingestion points: Untrusted content enters the agent context through YouTube transcripts (via
get_page_content) and results fromweb_search.\n - Boundary markers: Absent; the skill lacks instructions for the agent to ignore or delimit embedded commands within the fetched research data.\n
- Capability inventory: The skill possesses the ability to execute JavaScript in the browser context via the Control Chrome connector and perform arbitrary web searches.\n
- Sanitization: Absent; external content is interpolated directly into research documents without filtering.\n- [COMMAND_EXECUTION] (LOW): The skill generates and executes JavaScript snippets within the user's browser session. These snippets use standard techniques (dispatching Angular events) to automate UI interactions and are consistent with the stated purpose of automating NotebookLM.
Audit Metadata