nlm-skill

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill's primary function is to guide the agent in executing 'nlm' CLI commands via Bash. This allows the agent to interact programmatically with Google NotebookLM for tasks such as creating notebooks, adding sources, and generating podcasts.
  • [EXTERNAL_DOWNLOADS]: The skill instructions and AGENTS_SECTION.md recommend the installation of the 'notebooklm-mcp-cli' package using the 'uv' tool. This is a vendor-provided tool required for the skill to function.
  • [PROMPT_INJECTION]: A vulnerability to indirect prompt injection was identified.
      • Ingestion points: External data is ingested from URLs, YouTube videos, and Google Drive documents through the 'nlm source add' command and research workflows in 'SKILL.md' and 'references/workflows.md'.
      • Boundary markers: The skill does not implement delimiters or specific instructions to the agent to disregard instructions potentially embedded within the ingested source material.
      • Capability inventory: The agent has permissions to execute shell commands ('nlm') and perform network-based research tasks.
      • Sanitization: No explicit sanitization or filtering logic is present for data retrieved from external sources.
  • [CREDENTIALS_UNSAFE]: The skill manages authentication through the 'nlm login' command, which utilizes the Chrome DevTools Protocol (CDP) to extract session cookies. This process involves handling sensitive authentication tokens, though no hardcoded secrets or evidence of unauthorized exfiltration were detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 07:07 AM