notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly automates a browser to open arbitrary NotebookLM URLs (notebooklm.google.com) and its scripts (e.g., scripts/ask_question.py and notebook_manager.py as described in SKILL.md) read NotebookLM responses and notebook contents uploaded by users, which the agent then compares, follows up on, and uses to drive its next actions—so untrusted third‑party content can directly influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill directly navigates to and reads content from NotebookLM (https://notebooklm.google.com/...), which is fetched at runtime and used as the required input/source that directly determines the agent's answers (i.e., external content is injected into the agent's output flow).