notebooklm
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions trigger the installation of the 'notebooklm' CLI tool (indicated as 'notebooklm-py' in metadata), which involves downloading unofficial third-party code from public package registries.
- [COMMAND_EXECUTION]: The skill relies on an external command-line tool 'notebooklm' to perform file operations, notebook management, and data retrieval.
- [DATA_EXFILTRATION]: The skill handles sensitive session data and user authentication ('notebooklm login', 'notebooklm auth check') through an unofficial API implementation, potentially exposing user credentials to third-party infrastructure.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its broad ingestion of untrusted data from URLs, YouTube videos, and documents.
- Ingestion points: File SKILL.md (via 'notebooklm source add' command).
- Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore embedded commands in sources.
- Capability inventory: File SKILL.md (the tool has permissions to write to the local filesystem via 'download' and perform network operations).
- Sanitization: No sanitization or validation of external content is specified.
Audit Metadata