notebooklm
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a research assistant that automates queries to Google NotebookLM. The automated browser behavior is consistent with the stated purpose of source-grounded research.
- [EXTERNAL_DOWNLOADS]: During environment setup, the skill downloads browser binaries (Chrome/Chromium) using the patchright library. This is a standard requirement for browser-based automation tasks.
- [COMMAND_EXECUTION]: The skill uses a run.py wrapper and setup_environment.py script to manage an isolated virtual environment and execute local Python scripts via subprocess.run, ensuring dependencies are contained.
- [CREDENTIALS_UNSAFE]: Google session cookies are stored locally in data/browser_state/state.json to maintain persistent authentication. While these are sensitive credentials, they are stored within the skill's local data directory and used solely for authenticating with the official Google NotebookLM service.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection as it retrieves content from external NotebookLM notebooks which could contain malicious instructions.
- Ingestion points: Notebook response content retrieved in scripts/ask_question.py.
- Boundary markers: None used in the interaction flow.
- Capability inventory: Execution of local scripts (scripts/run.py) and local file access (scripts/notebook_manager.py).
- Sanitization: None performed on retrieved text.
Audit Metadata