research-collector
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs shell commands using user-supplied keywords for YouTube searches (yt-dlp) and NotebookLM queries. There is a risk of command injection if the keywords contain shell metacharacters, as they are interpolated directly into command strings.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of notebooklm-mcp-cli via pip. This is a third-party package from an unverified GitHub repository (jacob-bd/notebooklm-mcp-cli), which introduces a supply chain risk.
- [PROMPT_INJECTION]: The skill processes untrusted data from YouTube metadata and web articles through the NotebookLM research feature. This represents an indirect prompt injection surface.
  - Ingestion points: YouTube video metadata and NotebookLM query answers are read into the agent's context.
  - Boundary markers: Absent. The skill does not use delimiters or warnings to isolate external content from instructions.
  - Capability inventory: The agent has access to shell execution, Python script execution, and file system writes.
  - Sanitization: The skill's Python processing script extracts raw JSON fields without escaping or sanitizing the content before writing it to a markdown file.
- [DATA_EXFILTRATION]: While intended for research, the skill sends user-defined topics to external search engines and services. It also writes files to a local directory based on the user topic name, which could be susceptible to path traversal if the topic name is not validated.
Audit Metadata