deep-research-notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's mandatory workflow (Step 3 "Add Context Sources" and Steps 4–6 in SKILL.md) instructs the agent to add and import arbitrary public URLs and run web searches via NotebookLM, meaning untrusted third‑party web content (articles, company pages, LinkedIn, press) is fetched and used to drive queries, insights, and artifact generation that can change agent actions.