notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests open web and user-generated content — e.g., SKILL.md and the CLI docs show commands like notebooklm source add "https://...", source add-research "query" --mode deep, adding YouTube/URL sources, retrieving source fulltext, and using those sources in ask/generate flows and background subagents, so untrusted third‑party content is read and can directly influence agent actions.