notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CLI explicitly supports adding and waiting on arbitrary web sources (e.g., "python3 ... source add https://example.com" and the spawn tasks using "source add-research" shown in references/cli-commands.md, QUICKSTART_CN.md, and SKILL.md), which causes the agent to fetch and ingest untrusted public web content that can influence subsequent actions (research, generation, artifact creation).