nlm-skill
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from external sources, including web URLs, YouTube videos, and Google Drive documents, through commands like
nlm source addandnlm research start. This ingestion of external data presents a surface for indirect prompt injection, where malicious instructions embedded in the source material could attempt to override the agent's behavior. - Ingestion points:
nlm source add <id> --url,nlm research start <query>, andnlm source add <id> --drive <doc-id>. - Boundary markers: The skill does not explicitly define markers to delimit external content, though it uses structured CLI commands.
- Capability inventory: The agent can execute bash commands, perform network operations via the CLI, and manage cloud resources (NotebookLM).
- Sanitization: Not explicitly mentioned in the skill instructions.
- [COMMAND_EXECUTION]: The skill's primary function is to provide instructions for the agent to execute the
nlmCLI tool via bash. This allows the agent to interact with the local filesystem and network through the CLI interface provided by the tool. - [EXTERNAL_DOWNLOADS]: The skill documentation (
AGENTS_SECTION.md) provides instructions to install thenotebooklm-mcp-clitool usinguv tool install. Whileuvis a well-known package manager, this involves the installation of third-party executable code on the host system.
Audit Metadata