notebooklm
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `notebooklm-mcp-cli` package from PyPI or via the `uv` tool. This is the official distribution channel for the integration tool provided by the skill author.
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to execute configuration and authentication commands, such as `nlm login` for browser-based OAuth and `nlm setup` to register the MCP server with the local agent configuration. These are standard operations for the tool's functionality.
- [DATA_EXFILTRATION]: The skill's primary function involves uploading local documents, text snippets, and codebase summaries to Google's NotebookLM servers for processing. This data transit is intended and documented as part of the RAG (Retrieval-Augmented Generation) workflow.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection (Category 8) due to its processing of untrusted external content from URLs and automated research tasks.
  - Ingestion points: External data enters the context via `source_add` (URLs) and `research_import` (web and Drive discovery results).
  - Boundary markers: The skill relies on NotebookLM's internal grounding and the agent's native guardrails; no specific delimiters are added by the skill instructions.
  - Capability inventory: The agent has access to powerful tools like `Bash`, `Write`, and `Edit`, which could be targeted by instructions hidden in source material.
  - Sanitization: Content is passed directly to the RAG engine without additional client-side sanitization beyond standard platform protections.
Audit Metadata