notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's automation (see scripts/ask_question.py and the SKILL.md "SMART ADD" workflow) navigates to arbitrary NotebookLM URLs and reads NotebookLM responses (user-uploaded / user-generated notebook content) and then uses that discovered content to drive metadata addition and follow-up queries, which clearly lets untrusted third-party content materially influence subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill opens and queries user-provided NotebookLM URLs at runtime (e.g., https://notebooklm.google.com/notebook/...) and directly uses the fetched NotebookLM responses as the agent's answer content, so the external NotebookLM page controls prompts/output.