notebooklm
Warn
Audited by Snyk on Mar 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's workflow and scripts (SKILL.md/README and scripts/ask_question.py, auto_add.py, notebook_manager.py) explicitly open and query public NotebookLM URLs (e.g., "https://notebooklm.google.com/notebook/...") and ingest the NotebookLM responses (including Smart Add discovery), so the agent reads untrusted, user-provided third‑party content which can directly influence follow-up queries and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill clearly fetches NotebookLM notebooks at runtime (e.g., https://notebooklm.google.com/notebook/bcf73eee-8d13-4c2f-a894-12b8e21989c4 via scripts/ask_question.py and auto_add.py) and injects the returned content into agent responses, which means external content can directly control prompts/output.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata