notebooklm

SUSPICIOUS: the skill’s core behavior is broadly aligned with querying NotebookLM, but it relies on runtime installation of third-party browser automation tooling, stores persistent Google session state locally, and processes untrusted notebook content while retaining shell/browser capabilities. The main concerns are supply-chain trust and prompt-injection exposure rather than confirmed malware or clear credential theft.