notebooklm-studio

SUSPICIOUS. The skill’s behavior is broadly aligned with its stated NotebookLM-automation purpose, but its core trust boundary is weak because it relies on an unofficial third-party CLI that uses undocumented Google endpoints and receives authenticated access to user NotebookLM data. This is not clearly malicious, but it is a medium-risk skill due to credential forwarding and data flow through non-official tooling.