notebooklm-management
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection because its core function involves processing content from external Google NotebookLM notebooks. \n
- Ingestion points: External data enters the agent context through the
ask_questiontool via thenotebook_idornotebook_urlparameters. \n - Boundary markers: No explicit delimiters or "ignore embedded instructions" markers are defined in the tool prompts or workflows. \n
- Capability inventory: The skill can perform network requests to Google services and write metadata exports to the local file system using the provided helper script. \n
- Sanitization: The skill does not perform explicit sanitization or filtering of content retrieved from notebooks before returning it to the agent. \n- [DATA_EXFILTRATION]: The skill interacts with
notebooklm.google, which is a well-known technology service. It manages authentication through a standard OAuth process and stores session credentials locally to facilitate access, as documented in the troubleshooting guide. \n- [COMMAND_EXECUTION]: The package includes a management utility script (scripts/notebooklm-helper.py) used for library maintenance tasks such as auditing metadata quality, generating reports, and exporting notebook information to JSON files.
Audit Metadata