notebook
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill allows the agent to read local files and URLs to provide them to the NotebookLM service.
  - Evidence: The 'source_add' tool in 'SKILL.md' accepts 'file_path' and 'url' parameters, enabling the agent to access local filesystem data or remote content and transmit it to an external provider.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the web and external files.
  - Ingestion points: 'source_add' (URLs, local files) and 'research_start' (web search results) as defined in 'SKILL.md'.
  - Boundary markers: The instructions do not specify any delimiters or warnings to ignore instructions within the source content.
  - Capability inventory: The agent can read files and URLs via 'source_add', perform web research via 'research_start', and write files via 'download_artifact'.
  - Sanitization: No sanitization or validation of the ingested content is described in the skill configuration.
- [COMMAND_EXECUTION]: The skill documentation instructs users to execute CLI commands for authentication.
  - Evidence: 'SKILL.md' explicitly mentions running 'nlm login' via Bash to resolve authentication errors.
Audit Metadata