stock-research

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill constructs shell commands by interpolating user-provided variables such as '[公司名称]' and '[股票代码]' directly into commands like notebooklm create "投资研究: [公司名称]" and notebooklm source add-research "[公司名称] [股票代码]...". The values are not sanitized, so an attacker who supplies a malformed company name containing shell metacharacters (e.g., ;, &&, or |) can inject additional commands.
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
      ◦ Ingestion points: The skill uses notebooklm source add-research to ingest 40-50 external files, including analyst reports and earnings call transcripts from the web.
      ◦ Boundary markers: No boundary markers or 'ignore' instructions are specified in the workflow to separate external content from agent instructions.
      ◦ Capability inventory: The agent can execute several notebooklm CLI commands (create, use, ask, delete) and perform web searches.
      ◦ Sanitization: There is no evidence that content retrieved from external sources is sanitized or filtered before the agent processes it in subsequent analysis stages.
  • EXTERNAL_DOWNLOADS (LOW): The skill depends on the external notebooklm CLI tool and instructs the user to set environment variables for proxies. This is a common practice for accessing Google services in restricted regions, but a misconfigured proxy could be used to intercept traffic.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 07:56 AM