notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill automates a browser to query NotebookLM (notebooklm.google.com) and "Smart Add"/ask user-provided NotebookLM URLs, ingesting NotebookLM's answers which are derived from arbitrary user-uploaded or web-sourced content (websites, GitHub, YouTube, etc.), so the agent directly reads and acts on untrusted third‑party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill programmatically opens NotebookLM at runtime (e.g. https://notebooklm.google.com/notebook/...) and uses the fetched NotebookLM responses to drive follow-up prompts and final synthesized outputs, so external content from that URL directly controls the agent's behavior.