notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime automation (e.g., scripts/ask_question.py) navigates to user-supplied NotebookLM URLs (https://notebooklm.google.com/...) and reads the NotebookLM responses (per the SKILL.md/README "Smart Add" and ask_question workflow), which may be synthesized from arbitrary user-uploaded or public web content — untrusted third‑party material the agent ingests and uses to drive follow-up queries and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill, at runtime, navigates to and queries external NotebookLM URLs (e.g. https://notebooklm.google.com/notebook/...) to fetch answers that directly drive the agent's responses and follow-up prompts, and this external content is a required dependency for the skill's operation.