notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly automates browsing NotebookLM notebooks (e.g., ask_question.py and the SKILL.md/README "Smart Add" flow that queries https://notebooklm.google.com/notebook/... to discover content) and uses those notebook responses to drive metadata addition, follow-up queries, and synthesis, so it ingests untrusted/third‑party user-provided content and lets that content materially influence subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime scripts (ask_question.py / BrowserFactory) navigate to and fetch content from the user's NotebookLM pages (e.g. https://notebooklm.google.com/ and https://notebooklm.google.com/notebook/...), extract the notebook responses, and return/inject that text into the agent's output/context, so the external URL content directly drives the agent's responses.