notebooklm
Warn
Audited by Snyk on Apr 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and acts on arbitrary public web/user-generated content — e.g., SKILL.md and docs/cli-reference.md show commands like notebooklm source add "https://...", notebooklm source add-research "query" (deep web research/import), source fulltext <id>, and notebooklm ask ... -s <source>, which cause the agent to read third-party web/YouTube/Drive sources and then drive generation/download actions based on that content.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The repo URL https://github.com/win4r/notebooklm-py (and the upstream https://github.com/teng-lin/notebooklm-py) is explicitly fetched by agent-install commands like "npx skills add win4r/notebooklm-py" / "npx skills add teng-lin/notebooklm-py" which pull the SKILL.md at install/runtime and therefore directly supply the agent's instructions (remote content that controls prompts), making this a required runtime dependency for agent integration.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata