notebooklm

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE
Tags: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill captures Google authentication cookies by automating a Chrome browser and stores them in a local file for session persistence.
    • Evidence: scripts/cookie-store.ts manages the collection of sensitive cookies (SID, HSID, etc.) and their storage in a cookies.json file.
    • Security control: The skill applies restricted file permissions (0o600) to the credential file on Unix-like systems to prevent unauthorized local access.
  • [COMMAND_EXECUTION]: The skill executes local commands to launch and interact with a browser process via the Chrome DevTools Protocol (CDP).
    • Evidence: scripts/auth.ts uses child_process.spawn to launch Chrome or Chromium with debugging flags like --remote-debugging-port.
  • [EXTERNAL_DOWNLOADS]: The skill downloads generated media and data artifacts from Google's official infrastructure.
    • Evidence: scripts/rpc-client.ts contains logic to fetch files from notebooklm.google.com and lh3.googleusercontent.com.
  • [PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection by ingesting and processing untrusted data from user-specified notebooks.
    • Ingestion points: Notebook source content is retrieved via RPC calls in scripts/main.ts and scripts/rpc-client.ts.
    • Boundary markers: The skill does not implement explicit boundary markers or "ignore instructions" warnings when extracting content from notebook sources.
    • Capability inventory: The skill has the capability to write various file types to the local disk and perform network requests to Google domains.
    • Sanitization: No sanitization or validation is performed on the content retrieved from NotebookLM before it is processed for artifact generation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 07:39 AM