nlm

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill explicitly instructs using Chrome DevTools Protocol to extract active NotebookLM session cookies (via nlm auth login and recommending starting Chrome with --remote-debugging-port), and to persist authentication tokens/cookies in ~/.nlm/env and environment variables — a clear pattern that can be used to steal credentials/session tokens and enable session hijacking or unauthorized access; no obfuscated payloads or remote shells are present, but the cookie-extraction and storage behavior is a high-risk credential-theft pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open web and user-generated content (e.g., "nlm add https://example.com/article", YouTube links in Source Management and the "nlm research" command that "searches for relevant sources and automatically imports found sources" in SKILL.md and references/workflows.md), so untrusted third-party pages can be read and materially influence generation and subsequent tool actions.