notebooklm
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `notebooklm-py` package using `uv tool install`. This is an external dependency that provides the bridge to the Google NotebookLM service.
- [COMMAND_EXECUTION]: The skill executes multiple commands via the `notebooklm` CLI to manage notebooks and sources. While necessary for the skill's purpose, this presents an interface for interaction with the underlying system.
- [DATA_EXFILTRATION]: The skill includes capabilities to download generated artifacts (e.g., `notebooklm download audio`) from the remote service to the local filesystem.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external sources (Category 8).
  - Ingestion points: Data is ingested via `notebooklm source add` for external URLs, YouTube videos, and various document formats (PDFs, Word docs, etc.).
  - Boundary markers: No specific boundary markers or instructions to ignore embedded commands within the sources are defined in the tool prompts or generation commands.
  - Capability inventory: The skill can execute CLI commands and write files to the local disk, which are significant capabilities if an injection occurs.
  - Sanitization: There is no evidence of sanitization or filtering of the source content before it is processed by the underlying Google NotebookLM engine.
Audit Metadata