notebooklm-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts arbitrary URLs via the "source add_url" operation (see run.py _dispatch_source and the SKILL.md example "source add_url --url https://example.com/article"), passes them to the nlm CLI to ingest notebook sources, and then uses notebook/query and report commands that read and act on that ingested content—so untrusted third‑party web content can influence subsequent tool actions.