nlm-skill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs extracting browser cookies and passing the raw cookie/header string into a tool call (mcp__notebooklm-mcp__save_auth_tokens(cookies="<cookie_header>")), which requires the agent to handle and include secret values verbatim — a direct exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests arbitrary public web content (e.g., "nlm source add --url 'https://...'", YouTube URLs, and "nlm research start" with web mode) and then reads/uses that untrusted, user-generated third‑party content as inputs for queries and content-generation workflows described in SKILL.md, so third‑party pages could embed instructions that materially influence agent actions.