notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and ingest open web and user-generated content (e.g., "notebooklm source add 'https://...'", "notebooklm source add 'https://youtube.com/...'", and "notebooklm source add-research 'query' --from web"), and that content is read/used by chat/Generate commands to drive outputs, so untrusted third-party pages can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches arbitrary remote content at runtime via commands like notebooklm source add "https://..." (including examples such as "https://url1.com" and "https://youtube.com/..."), which are ingested into the NotebookLM context and can directly control agent prompts/responses.