notebooklm
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the `notebooklm-py` library from PyPI and recommends installing Playwright's Chromium browser. It also provides an automated installation workflow that fetches release tags directly from a public GitHub repository.
- [COMMAND_EXECUTION]: The Python script `scripts/nlm.py` utilizes the `subprocess` module to execute the `notebooklm` CLI for authentication. Additionally, the skill documentation provides instructions for users to set up persistence through cron jobs or scheduled tasks to automate session refreshing.
- [DATA_EXFILTRATION]: The skill manages sensitive Google session cookies, which are stored in and retrieved from a local JSON file (`~/.notebooklm/storage_state.json`). While necessary for the skill's functionality, this data represents a potential exposure risk.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection.
  - Ingestion points: The skill ingests untrusted data from URLs, local files (PDF, markdown, docx), and raw text inputs.
  - Boundary markers: There are no specific delimiters or instructional guardrails used to isolate ingested data from the agent's logic.
  - Capability inventory: The skill has the ability to execute shell commands and perform network operations.
  - Sanitization: The skill does not perform validation or sanitization on content retrieved from external sources before processing it through NotebookLM.
Audit Metadata