nlm-skill
Fail
Audited by Snyk on May 17, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows copying/extracting cookies and passing them as a literal argument (mcp__notebooklm-mcp__save_auth_tokens(cookies="<cookie_header>")), which requires the agent to handle and embed secret cookie/auth values verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill's documentation (see SKILL.md "Workflow Decision Tree" and "Source Management" and the Research sections) explicitly instructs the agent to fetch and ingest public web/YouTube URLs via commands like "nlm source add --url ...", "nlm research start ... --source web", "nlm source content ", and then to use those sources in queries and generation (e.g., nlm notebook query, studio_create), meaning untrusted third‑party content can be read and materially influence subsequent tool actions.
Issues (2)
W007
HIGH: Insecure credential handling detected in skill instructions.
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).