news-scrap-codex

Warn

Audited by Snyk on Apr 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill fetches and scrapes arbitrary public article URLs (scripts/extract.py, using trafilatura and Playwright). The scraped content is turned into NotebookLM source files (scripts/build_notebook_sources.py) and uploaded to NotebookLM for Q0–Q6 analysis (scripts/notebooklm_gate.py). The Q4/Q6 outputs drive featured-article selection and slide generation (scripts/notebooklm_slide_deck.py), so untrusted third‑party content is read and can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The extract.py script fetches arbitrary external article URLs at runtime (e.g., https://example.com/article and listed real domains such as medicaltimes.com or pubmed.ncbi.nlm.nih.gov). The downloaded page contents are uploaded as NotebookLM sources that directly influence the Q0–Q6 outputs and slide-deck generation, so remote content can directly control model inputs.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 12, 2026, 06:44 AM
Issues: 2