notebooklm-second-brain

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). High risk: the content explicitly instructs "browser cookie extraction" for nlm login and provides automated CLI commands and post-build hooks to upload repository files and commit metadata to an external NotebookLM service—patterns that enable credential theft, automated data exfiltration, and supply-chain exposure.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to query NotebookLM notebooks (nlm notebook query) that can be populated with arbitrary external URLs (nlm source add --url ) and are used to drive decisions (core directives and deterministic routine), so untrusted public web content ingested into those notebooks could materially influence the agent's behavior.