notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill programmatically opens and queries arbitrary NotebookLM notebooks (see SKILL.md "SMART ADD" and scripts/ask_question.py which navigates to https://notebooklm.google.com and parses the returned responses), meaning it ingests untrusted/user-provided third‑party content and uses those responses to drive follow-up questions and agent actions, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill directly loads and queries users' NotebookLM pages at runtime (e.g., https://notebooklm.google.com/notebook/...), and the NotebookLM/Gemini responses are read and returned to the agent—meaning remote content fetched from that URL directly controls prompts/output and is required for the skill to function.