Skills
skills/mathews-tom/praxis-skills/notebooklm/Snyk

notebooklm

Warn

Audited by Snyk on Mar 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly imports and processes untrusted public content (web URLs and YouTube via commands like "notebooklm source add "https://..."" and "notebooklm source add-research "query" --from web" shown in SKILL.md and the "Supported source types" list), and that imported content is read/used to drive chats and generate artifacts, so third-party pages could indirectly inject instructions that influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches arbitrary web sources at runtime (e.g., commands like notebooklm source add "https://..." / "https://url1.com") and then injects that fetched content into NotebookLM as context for chat and generation, meaning remote URLs can directly control prompts and outputs.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 9, 2026, 08:01 AM