notebooklm
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection through its data retrieval and processing workflows.
  - Ingestion points: Untrusted data enters the agent context through `source_add` (URLs, Google Drive documents, local files) and `research_import`.
  - Boundary markers: There are no specific delimiters or guardrail instructions defined in the rules to prevent the agent from accidentally following instructions embedded in the retrieved content.
  - Capability inventory: The skill grants the agent access to powerful tools including `Bash`, `Write`, `Edit`, and `TaskCreate`.
  - Sanitization: The skill documentation does not describe any sanitization or validation of the content fetched from external sources.
- [EXTERNAL_DOWNLOADS]: The skill relies on the third-party Python package `notebooklm-mcp-cli` from PyPI as a core dependency for its operations.
- [COMMAND_EXECUTION]: The skill utilizes the `Bash` tool to execute `nlm` CLI commands for authentication, configuration, and interacting with the NotebookLM service.
Audit Metadata