notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly automates browser queries of Google NotebookLM notebooks (see SKILL.md and references/api_reference.md: ask_question.py --notebook-url / notebook-id and the "SMART ADD" discovery flow), causing the agent to fetch and interpret arbitrary user-uploaded NotebookLM content which could contain untrusted instructions that influence follow-up queries and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches NotebookLM content at runtime (e.g., https://notebooklm.google.com/notebook/...) via ask_question.py / Smart Add and injects that notebook content as the source/context for model prompts, so an external URL directly controls agent prompts.