notebooklm-research
Warn
Audited by Snyk on Apr 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests and auto-imports public web content (URLs, YouTube, RSS, trend-pulse results) via NotebookLM's sources and research APIs (e.g., "notebooklm source add --url", "notebooklm research start / poll", "scripts/notebooklm_client.py research/research-poll", and pipeline workflows in SKILL.md/README) and then reads and uses those sources to produce cited answers and to drive downstream artifact generation, so untrusted third-party content can directly influence agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill ingests arbitrary web URLs at runtime (e.g., notebooklm source add_url "https://arxiv.org/abs/2401.12345") and injects the fetched page content into NotebookLM/Claude prompts, meaning external pages can directly control the agent's instructions and outputs.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).