notebooklm-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md "Adding Sources" and "Core Workflow" sections show the skill ingests arbitrary public URLs/YouTube links and other third‑party files via commands like notebooklm source add "https://example.com/article" and source add-research, and those sources are then read and used by ask/generate commands to drive content generation and actions, so untrusted third‑party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches external web content at runtime (for example via notebooklm source add "https://en.wikipedia.org/wiki/Climate_change"), which is injected into the model context and directly controls prompts/outputs.