notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly automates a browser to visit and scrape NotebookLM notebooks (see scripts/ask_question.py and the "SMART ADD" flow in SKILL.md/README) and uses those notebook responses (user-uploaded / shared NotebookLM content) to drive follow-up queries, metadata decisions, and synthesized actions—so untrusted third‑party content can directly influence tool use and next steps.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill navigates to and queries user-supplied NotebookLM pages at runtime (e.g., https://notebooklm.google.com/notebook/...) and ingests the NotebookLM responses directly to drive agent prompts, follow-ups, and outputs, so this external URL is a runtime dependency that can control the agent's instructions.