notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly automates and scrapes NotebookLM pages (scripts/ask_question.py reads responses from notebooklm.google.com) and allows adding arbitrary web URLs and user files as sources (scripts/remote_manager.py supports --url and --dir/--file uploads, and SKILL.md/README document these flows), so untrusted third‑party content (public web pages or user-provided content) is ingested and its text is read/interpreted as part of the query workflow and could therefore influence subsequent answers/actions.