notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly automates a browser to open and scrape NotebookLM pages (see ask_question.py and SKILL.md instructions referencing https://notebooklm.google.com/notebook/...), consuming user-uploaded/public NotebookLM content and using those responses to drive follow-up questions and final answers, so untrusted third-party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill navigates to and scrapes NotebookLM at https://notebooklm.google.com/... at runtime (page.goto / wait_for_url) and injects that fetched notebook content into its answers, meaning external content from that URL directly influences the agent's outputs.