nblm
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
  - Ingestion points: Untrusted data enters the agent context through user questions in ask_question.py and document content from local files or Z-Library URLs in source_manager.py.
  - Boundary markers: There are no boundary markers or instructions to ignore embedded commands used when processing external documents.
  - Capability inventory: The skill possesses extensive capabilities including subprocess execution via the run.py wrapper, arbitrary file system access for source management, and network communication via browser automation.
  - Sanitization: Ingested content is processed and passed to NotebookLM or local storage without sanitization.
- [COMMAND_EXECUTION]: The skill uses a central runner (run.py) that executes Python scripts and dependency management tools via subprocess.run.
- [EXTERNAL_DOWNLOADS]: The skill automatically downloads several external dependencies from trusted and well-known sources.
  - Fetches the agent-browser package from the official NPM registry (owned by trusted organization vercel-labs).
  - Installs Python packages including patchright and notebooklm-py from the official PyPI registry.
  - Downloads and installs the Chromium browser binary using official Playwright and Patchright utilities.
  - These resources are required for the skill's documented browser automation functionality.
Audit Metadata