notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill autonomously opens and scrapes user-supplied NotebookLM URLs (see ask_question.py which navigates to notebooklm.google.com and extracts responses, and SKILL.md/usage patterns "Smart Add" which queries a notebook URL to discover its content), so it ingests untrusted, user-generated third‑party content that directly influences follow-up queries and agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly opens and scrapes NotebookLM pages at runtime (e.g., https://notebooklm.google.com/notebook/...) and uses the returned NotebookLM content as the authoritative answer/follow-up input, so remote content from that URL directly controls agent outputs.