notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime workflow (e.g., scripts/ask_question.py and the SKILL.md "SMART ADD" flow) automatically opens and scrapes content from NotebookLM pages at https://notebooklm.google.com/notebook/... (user-uploaded, third‑party notebooks) and uses those extracted answers to drive follow-up queries, metadata additions, and synthesis, so untrusted user-generated content can meaningfully influence subsequent tool actions and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly loads user-provided NotebookLM pages at runtime (e.g., https://notebooklm.google.com/notebook/...) and injects the retrieved NotebookLM answers into the agent's output/follow-up flow, so externally hosted notebook content can directly control prompts/responses.