notebooklm
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches configuration and the latest release tag from the vendor's official GitHub repository to facilitate installation of the `notebooklm-py` package. It also includes a command `notebooklm skill install` for setting up additional skill components.
- [PROMPT_INJECTION]: The skill ingests untrusted data from various external sources, which is a potential surface for indirect prompt injection attacks where malicious instructions in the data could influence agent behavior.
  - Ingestion points: Uses `notebooklm source add` to import content from URLs, YouTube, PDFs, and multimedia files, and `notebooklm source add-research` to ingest web research data into the notebook context.
  - Boundary markers: No explicit delimiters or system instructions to ignore embedded commands within the sources were identified in the operational guidelines.
  - Capability inventory: The skill possesses significant capabilities including filesystem writes via `download`, complex content generation via `generate`, and the ability to orchestrate background tasks using a subagent pattern.
  - Sanitization: No sanitization, filtering, or validation of the retrieved external content is described before it is indexed and processed by the AI models.
Audit Metadata