notebooklm-create

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests public, user-generated web content (see Phase 2 "Deep research" which uses WebFetch/WebSearch and the community content agent to pull Reddit, Hacker News, GitHub Discussions, YouTube, etc., and Phase 4 "Load sources" which sequentially adds those URLs) and then uses that content to construct research synthesis, focus_prompts, and drive downstream MCP tool calls and Studio generation, so untrusted third-party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill uses WebFetch at runtime to retrieve arbitrary external URLs (e.g., user-provided seed URLs such as https://www.youtube.com/watch?v=8oLP8oxqtOE shown in the sample) and then directly uses the fetched content to populate research facts, adapt the 9 curated prompts (scripts/adapt_prompts.py), and build focus_prompts for Studio tools, so remote content can directly control agent prompts/instructions.