notebooklm

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the notebooklm-mcp-cli package from PyPI or GitHub. This is an external, community-maintained tool. While it is the primary purpose of the skill, it introduces a dependency on a non-vendor source.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to execute nlm CLI commands. These commands handle authentication (via cookie extraction), notebook management, and data retrieval.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it ingests untrusted data from URLs, YouTube videos, and files into the NotebookLM RAG system. The AI-generated query results could contain malicious instructions.
      • Ingestion points: Data is added to notebooks via the nlm source add command from URLs, files, and external services as described in SKILL.md and cli-command-reference.md.
      • Boundary markers: The skill includes explicit instructions for the agent to present all results to the user for review and to never act autonomously on NotebookLM output.
      • Capability inventory: The agent is granted access to the Bash, Read, and Write tools, providing a surface for command execution or file modification if an injection is successfully exploited.
      • Sanitization: The skill relies on human-in-the-loop review and explicit user confirmation as the primary defense against malicious content in retrieved data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 07:09 AM