Skills
skills/azuma520/youtube-to-notebooklm/anything-to-notebooklm/Gen Agent Trust Hub

anything-to-notebooklm

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by ingesting untrusted data from various external sources.
  • Ingestion points: Untrusted data is introduced into the agent's workflow from web URLs, YouTube transcripts, and local file uploads (PDF, DOCX, MD, etc.) through the source add and source add-research commands described in SKILL.md.
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when passing external data to the CLI tools.
  • Capability inventory: The skill utilizes shell execution for notebooklm, markitdown, and rm commands, file system writes for downloading and converting files, and network communication to interface with Google's services.
  • Sanitization: There are no documented steps for the agent to sanitize or validate external content before processing it.
  • [COMMAND_EXECUTION]: The skill uses the shell to execute commands for the notebooklm and markitdown CLI tools to manage notebook resources and convert document formats. It also includes instructions for managing files in the system's temporary directory, such as deleting conversion artifacts using rm.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of content from web and YouTube URLs via the source add and research commands, which is then transmitted to the cloud-based NotebookLM service for further processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 11:02 PM