notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and browser-extracts content from open public sites (e.g., Twitter/X, LinkedIn, Facebook, Medium and arbitrary URLs) via Playwright and then adds that untrusted, user-generated content as NotebookLM sources for chat/generation, which exposes the agent to indirect prompt injection.