notebooklm-studio
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The bootstrap script 'scripts/bootstrap_notebooklm.py' installs the 'notebooklm-py' and 'playwright' packages from public registries to provide the necessary automation environment.
- [COMMAND_EXECUTION]: The skill extensively uses subprocess calls across several scripts, such as 'artifact_pipeline.py' and 'dashboard_server.py', to execute CLI commands for interacting with the NotebookLM service.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) as it processes untrusted data from URLs and files and incorporates the resulting artifact metadata into agent prompts.
  - Ingestion points: External data enters the system through the '--source' argument in 'artifact_pipeline.py' and 'nblm_orchestrator.py'.
  - Boundary markers: Boundary markers are absent in the 'build_agent_prompt' function within 'dashboard_server.py', which could lead to instructions in source data being misinterpreted by the agent.
  - Capability inventory: The skill possesses the capability to execute shell commands, manage local files, and host a local HTTP server via 'scripts/dashboard_server.py'.
  - Sanitization: While the skill uses a 'slugify' function for file path safety, it does not implement content sanitization for the summaries generated from external sources.
Audit Metadata