notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly allows adding and researching arbitrary public URLs and YouTube (e.g., "notebooklm source add 'https://...'", "Add sources (URLs, YouTube, PDFs...)", and "notebooklm source add-research 'query'"), which means the agent ingests untrusted third-party web/user-generated content and uses it to drive chat and generation actions.