notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to add and query external, user-provided web/YouTube/Drive sources (e.g., "nlm source add --url """ and "nlm research start """) and to read NotebookLM responses grounded in those public sources, so the agent will ingest untrusted third-party content that could carry indirect prompt-injection instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly allows fetching arbitrary external URLs at runtime via commands like nlm source add --url "", which are ingested into NotebookLM and therefore directly influence the model's prompts/responses (risking execution/control of agent behavior).