nlm-skill
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides comprehensive instructions for executing `nlm` CLI commands via bash tools. This includes notebook management, source ingestion, research tasks, and content generation workflows.
- [EXTERNAL_DOWNLOADS]: The documentation includes commands for downloading generated artifacts (such as podcasts, videos, and reports) to the local file system. It also provides installation instructions for the `notebooklm-mcp-cli` tool using standard package managers.
- [PROMPT_INJECTION]: The skill has a surface area for indirect prompt injection because its core functionality involves processing untrusted data from URLs, YouTube videos, and Google Drive documents. Malicious instructions could be embedded within these sources to manipulate agent behavior.
  - Ingestion points: Commands such as `nlm source add --url`, `nlm source add --drive`, and `nlm research start` bring external, untrusted content into the agent's context (documented in SKILL.md and references/command_reference.md).
  - Boundary markers: The instructions do not explicitly define boundary markers or instruct the agent to ignore natural language instructions found within the ingested source material.
  - Capability inventory: The agent has the ability to execute shell commands, perform network operations (authentication and source fetching), and write files to the local system (downloading artifacts).
  - Sanitization: No content sanitization or validation steps for ingested source material are mentioned in the documentation.
Audit Metadata