wowerpoint
Warn
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses string interpolation to build shell commands using variables like <PROMPT>, <title>, and <doc-path> (e.g., notebooklm generate slide-deck "<PROMPT>" ...). Since these variables can be sourced from user input or external documents without sanitization, a malicious string containing shell metacharacters such as backticks or semicolons could be used to execute arbitrary commands on the system.
- [EXTERNAL_DOWNLOADS]: The skill requires installing notebooklm-py and playwright using uv tool install. These are third-party dependencies from public repositories that are not part of the standard agent environment.
- [DATA_EXFILTRATION]: The core functionality involves uploading local document content to Google's NotebookLM service. While the skill includes a warning regarding sensitive documents, this process inherently transmits local data to an external cloud platform.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes content from external documents to populate command arguments.
- Ingestion points: Local document content accessed in Workflow Step 1.
- Boundary markers: Absent; content is extracted and used directly without delimiters or safety instructions.
- Capability inventory: Execution of shell commands via the notebooklm CLI.
- Sanitization: Absent; document-derived text is not escaped before being interpolated into shell commands.
Audit Metadata