nlm-skill

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: The skill documents robust safety practices, explicitly instructing the agent to always seek user confirmation before executing any delete or permanent sync operations.
  • [COMMAND_EXECUTION]: The skill uses the nlm CLI and associated MCP tools to interact with the NotebookLM service. These commands are used for legitimate resource management such as creating notebooks, querying sources, and generating content.
  • [EXTERNAL_DOWNLOADS]: The skill references the installation of the notebooklm-mcp-cli tool via standard package managers and utilizes built-in research features to fetch data from URLs, YouTube, and Google Drive as part of its intended functionality.
  • [PROMPT_INJECTION]: Instructions within the skill, such as constraints on tool usage (e.g., avoiding nlm chat start), are operational guidelines aimed at ensuring the AI agent functions correctly within the platform's constraints and are not malicious injections.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 10:15 AM
Security Audit — agent-trust-hub — nlm-skill