notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill programmatically opens and queries arbitrary NotebookLM notebook URLs (scripts/ask_question.py) and can add external websites/YouTube links (upload_sources.py add-urls / SKILL.md "SMART ADD"), reads the returned, user-generated content, and uses those responses to drive follow-up queries and to populate notebook metadata and actions—exposing the agent to untrusted third-party content that can influence subsequent tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime browser automation explicitly loads and reads content from NotebookLM notebook URLs (e.g., https://notebooklm.google.com/notebook/...) via ask_question.py and smart-add flows, and those fetched notebook responses are injected into the agent's output/decision process, so this external URL is used at runtime to directly control agent prompts/responses.