notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs adding and re-fetching arbitrary public sources (e.g., notebooklm source add "https://..."/YouTube, source add-research, source refresh, and client.sources.add_url in the Python examples), so the agent reads untrusted third‑party web/user-generated content as part of its workflow which can materially influence generated outputs and subsequent actions.