notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows (workflows/import.md step 4 and workflows/ask.md step 2) and accompanying scripts (scripts/import_sources.py calls notebooklm source guide ... --json; scripts/extract_passages.py reads cited_text from NotebookLM --json Q&A outputs and scripts/resolve_citations.py incorporates those answers) ingest content from public third‑party sources (YouTube, web pages, PDFs, etc.) and parse/use that content to generate notes and drive citation resolution, which could allow maliciously crafted third‑party content to influence tool behavior or downstream actions.