notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill automates a browser to add arbitrary website URLs/files as NotebookLM sources (scripts/remote_manager.py: --url/--file/--dir) and then visits notebooklm.google.com and scrapes NotebookLM's generated answers (scripts/ask_question.py _ask_once_on_page and _collect_response_texts), meaning untrusted third‑party content can be ingested and influence the agent's responses.