nlm-skill

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on shell command execution via Bash to interact with the nlm CLI for all core functionalities, including notebook creation, data querying, and content export.
  • [EXTERNAL_DOWNLOADS]: Includes instructions for the nlm skill command family, which allows for the installation and updating of external tool configurations and plugins.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it is designed to ingest and process untrusted data from web URLs, YouTube transcripts, and Google Drive documents.
      • Ingestion points: Untrusted data enters the agent's context through nlm source add and research tasks defined in SKILL.md and references/workflows.md.
      • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when processing external source content.
      • Capability inventory: The skill possesses the ability to read, modify, and delete notebooks and sources via CLI commands.
      • Sanitization: There is no indication of content sanitization or validation for ingested external data before it is utilized in AI generation or Q&A tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 04:16 PM