notebooklm
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs Google Chrome or Chromium binaries using the patchright library. These downloads are directed from trusted/well-known infrastructure to facilitate browser automation.
- [COMMAND_EXECUTION]: A custom runner script (run.py) is used to execute local Python scripts that manage the skill's virtual environment, dependency installation, and browser orchestration. This behavior is transparently implemented for environment isolation.
- [DATA_EXFILTRATION]: Authentication state, including session cookies and browser profiles, is stored locally within the skill's data directory. There is no evidence of these sensitive tokens being transmitted to external servers other than notebooklm.google.com during the intended automation workflow.
- [PROMPT_INJECTION]: The skill processes content retrieved from external documents via NotebookLM, which creates an indirect prompt injection surface. However, this is an inherent aspect of RAG-based tools and is mitigated by the skill's specific instruction patterns and the agent's internal safety guardrails.
Audit Metadata