skills/delorenj/skills/notebooklm/Gen Agent Trust Hub

notebooklm

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill relies on a run.py wrapper that executes other scripts. This pattern of dynamic execution and environment management can be used to hide malicious commands.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The documentation explicitly states that the run.py wrapper 'installs all dependencies' and 'Chromium browser installs automatically' during the first run. This indicates unverified package installation and binary downloads from external sources (npm/pip/browser providers) at runtime.
  • [DATA_EXFILTRATION] (LOW): The skill stores sensitive session data, including 'browser cookies and session' in ~/.claude/skills/notebooklm/data/browser_state/. While the skill includes instructions to protect this data via .gitignore, the existence of persistent session tokens on disk presents a surface for local data exposure if other processes access this directory.
  • [PROMPT_INJECTION] (SAFE): The skill contains strong instructions for the agent to verify metadata with the user ('ASK THE USER FIRST', 'NEVER guess') before adding notebooks, which acts as a safeguard against automated schema confusion or accidental data corruption.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:25 PM