notebooklm-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests and acts on public NotebookLM share URLs (e.g., add_notebook and ask_question with notebook_url in references/mcp-tool-reference.md, workflows.md, and examples/adhoc-query.py), so it reads untrusted user-generated third‑party notebook content and uses those responses to drive decisions like adding notebooks or continuing tool-driven conversations.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill accepts NotebookLM share URLs at runtime (e.g., https://notebooklm.google/share/abc123) and uses the fetched notebook content (via add_notebook / ask_question with notebook_url) which would be injected into the model context and directly influence prompts/outputs.