notebooklm
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
notebooklm-pytool via theuvpackage manager. This tool is a third-party CLI used to automate interactions with Google NotebookLM. - [COMMAND_EXECUTION]: The skill frequently executes shell commands through the
notebooklmCLI to manage authentication, notebook creation, and artifact generation. These commands are triggered by natural language instructions from the user. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests content from external, untrusted sources such as URLs, YouTube videos, and local documents via the
notebooklm source addandnotebooklm source add-researchcommands. - Ingestion points: External content added as sources (detailed in
SKILL.mdunder Quick Reference and Common Workflows). - Boundary markers: The skill instructions do not specify the use of delimiters or 'ignore' instructions when passing untrusted content to the CLI.
- Capability inventory: The skill can perform network operations (uploading sources) and filesystem operations (downloading generated artifacts like MP3s, MP4s, and PDFs).
- Sanitization: There is no evidence of content sanitization or validation before the data is processed by the NotebookLM service.
Audit Metadata