notebook-lm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests open web and user-generated content (e.g., client.sources.add_url, client.research.start / import_sources and add-research in SKILL.md and references/workflows.md) — it fetches arbitrary URLs/YouTube/web research and then reads and acts on that content to answer questions and generate artifacts, allowing third-party instructions to influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly accepts and fetches arbitrary web URLs at runtime (e.g., client.sources.add_url(nb.id, "https://example.com/article")), and those fetched pages are ingested into NotebookLM and can directly influence prompts/responses, so this is a runtime external dependency that can control agent outputs.