notebooklm-studio

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted content from external URLs and uploaded files, which could contain malicious instructions designed to influence the agent or the generated output (indirect prompt injection).
  • Ingestion points: Sources are ingested via URLs, YouTube links, and file paths in the notebooklm source add command in SKILL.md.
  • Boundary markers: The instructions do not specify any delimiters or safety prompts to prevent the agent from obeying instructions embedded in the imported content.
  • Capability inventory: The skill utilizes Bash for command execution and Read/Write for file operations.
  • Sanitization: No sanitization or validation logic is defined for the content being processed.
  • [COMMAND_EXECUTION]: The workflow constructs shell commands using variables like <slug> and <url_or_filepath>. If these user-influenced strings are not properly escaped by the agent when calling the Bash tool, it could lead to command injection.
  • [DATA_EXFILTRATION]: The skill's ability to upload local files to the NotebookLM service could be exploited to exfiltrate sensitive files (e.g., SSH keys or environment variables) if the agent is tricked into sourcing them.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 10:48 AM
Security Audit — agent-trust-hub — notebooklm-studio