news-scrap

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests full text from public news/article URLs using scripts/extract.py (trafilatura + Playwright) as described in SKILL.md (Steps 2–3 and Step 6) and then has the agent read and act on that untrusted web content (NotebookLM uploads, summaries, selection of featured articles and slide generation), which could enable indirect prompt injection from arbitrary third‑party pages.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's runtime fetch step (e.g., the PowerShell example passing "https://url1", "https://url2" into scripts/extract.py) downloads arbitrary article pages and then uploads that fetched text into NotebookLM via client.sources.add_text(), which injects external content into the model context and can directly control agent responses.