notebooklm
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly automates a browser to open and query user-provided NotebookLM URLs (see ask_question.py --notebook-url / "Smart Add" in SKILL.md) and ingests the notebookLM responses (public, user-uploaded/shared content on notebooklm.google.com) for the agent to read and synthesize, exposing it to untrusted third-party content.
Audit Metadata