notebooklm-second-brain

SUSPICIOUS: the skill’s purpose is coherent, but its actual trust model is weak. It routes project data and browser-derived auth through an unofficial third-party CLI that uses cookie extraction, and it adds automatic remote syncing of build metadata; this is more exposure than a simple retrieval policy needs.