notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (e.g., scripts/ask_question.py and the SKILL.md/README) explicitly open arbitrary NotebookLM notebook URLs and scrape the NotebookLM responses (user-uploaded or web-sourced content) which the agent must read and use to drive follow-up queries and synthesize actions, so untrusted third‑party content can materially influence the agent.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill programmatically opens and queries NotebookLM notebook URLs (e.g. https://notebooklm.google.com/notebook/...) at runtime (ask_question.py / Smart Add) and uses the returned notebook content to drive follow-up questions and final answers, so external content fetched from that URL directly controls agent prompts/behavior.