notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The CLI fetches and ingests notebook content from NotebookLM (notebooklm.google.com) via RPCs such as LIST_NOTEBOOKS, LIST_ARTIFACTS and GET_INTERACTIVE_HTML (see scripts/rpc-client.ts and scripts/artifact-generator.ts and SKILL.md), which returns user-uploaded or web-sourced notebook content/HTML that the tool reads and uses to generate artifacts—i.e., untrusted third-party content can directly influence generation and downloads.