notebooklm-create
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill uses the notebooklm-rpc MCP tools for its core functionality. The logic implemented in SKILL.md and the accompanying Python scripts is focused on providing a stable and efficient workflow for research and artifact generation.
- [COMMAND_EXECUTION]: The skill instructs the agent to run `notebooklm-mcp-auth` to refresh credentials. This is a standard procedure for the associated MCP server and does not constitute a security risk.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes data from untrusted web sources (e.g., Reddit, Hacker News) during the research phase.
- Ingestion points: External data is ingested via `WebFetch` and `WebSearch` into subagents for synthesis.
- Boundary markers: Explicit isolation delimiters are not present in the research templates.
- Capability inventory: The skill manages notebook resources and generates AI artifacts via MCP tools.
- Sanitization: No specialized filtering is applied to the raw web content before synthesis. This surface is standard for research-oriented skills and is mitigated by the platform's default safety filters.
Audit Metadata