notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill programmatically opens user-provided NotebookLM URLs and reads NotebookLM's responses (see scripts/ask_question.py and the "Smart Add" flow in SKILL.md/notebook_manager.py which navigate to https://notebooklm.google.com/notebook/...), so it ingests arbitrary user-shared third-party notebook content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime code (e.g., scripts/ask_question.py and the "Smart Add" workflow) directly navigates to and scrapes NotebookLM pages at runtime (https://notebooklm.google.com/...), and the fetched NotebookLM responses are used to generate follow-up prompts and to automatically populate notebook metadata, meaning remote content from that URL can directly influence agent prompts and behavior.