notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly ingests and indexes open web and user-provided content (e.g., "notebooklm source add "https://..."", "notebooklm source add-research "query" --from web", and supported types including web URLs and YouTube) and then has the agent chat with and generate artifacts from that content, so untrusted third‑party pages can be read and influence subsequent tool actions.