nlm-skill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs users/agents to extract raw authentication cookies and save them via a tool call (mcp__notebooklm-mcp__save_auth_tokens(cookies="<cookie_header>")), which requires embedding secret cookie/header values verbatim in commands—an explicit high-risk secret-handling pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly ingests public/untrusted web and user-generated content as part of its required workflows (e.g., "nlm source add --url 'https://...'", YouTube URLs, and "nlm research start ... --source web" followed by "nlm research import "), so the agent will read and act on third‑party pages whose content could contain injected instructions.