blog-notebooklm
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes `subprocess.run` within its environment setup and execution scripts (`run.py`, `__init__.py`, `setup_environment.py`). These commands are used for virtual environment management, dependency installation, and executing internal Python logic.
- [EXTERNAL_DOWNLOADS]: The skill automates the installation of required Python packages via `pip` and downloads the Google Chrome browser using the Patchright automation framework to ensure consistent fingerprinting and anti-detection capabilities.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and processing content from the external NotebookLM service.
  - Ingestion points: Research answers derived from user-uploaded documents are retrieved in `ask_question.py` and `browser_session.py`.
  - Boundary markers: Output is returned as plain text without specialized delimiters or boundary instructions for the agent.
  - Capability inventory: The skill allows the execution of local scripts and the management of a local metadata library.
  - Sanitization: Content retrieved from the external service is not sanitized or filtered before being presented to the agent.
Audit Metadata