notebooklm

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the notebooklm-mcp-cli package from PyPI or GitHub (jacob-bd/notebooklm-mcp-cli). This is a third-party repository not included in the trusted vendors list, representing an unverified software dependency.
  • [COMMAND_EXECUTION]: The skill heavily utilizes the Bash tool to execute nlm CLI commands for project management, data querying, and system diagnostics. This allows an external tool to run with the permissions of the local user environment.
  • [DATA_EXFILTRATION]: The authentication process (nlm login) programmatically accesses and extracts session cookies from the user's Chrome browser. While intended for Google service authentication, this mechanism exposes highly sensitive personal credentials to a third-party command-line tool.
  • [PROMPT_INJECTION]: The skill processes retrieved information from NotebookLM, which can include content from external URLs, YouTube videos, and Google Drive files. This creates an indirect prompt injection surface (Category 8) where malicious content in those sources could influence agent behavior. Evidence includes:
      • Ingestion points: SKILL.md (Step 3: Managing Sources: URL, YouTube, File, Drive), references/cli-command-reference.md (Research start).
      • Boundary markers: Explicitly absent in command interpolation; however, the author provides a textual warning in the Security section to treat query results as untrusted.
      • Capability inventory: Bash (full command execution), Read, and Write tools are available to the agent.
      • Sanitization: No automated sanitization or filtering of the CLI output is implemented before the agent processes the results.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 1, 2026, 09:44 AM