notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill automates a browser to query and ingest content from Google NotebookLM notebooks (e.g., "https://notebooklm.google.com/notebook/..." referenced in the Core Workflow and Smart Add/ask_question steps), meaning untrusted user-uploaded notebook pages are read and used to drive follow-up queries and answers.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches and queries Google NotebookLM notebooks at runtime (e.g., https://notebooklm.google.com/notebook/...), and the retrieved notebook content is used to directly ground and control the agent's answers, meeting the criteria for an external dependency that controls prompts.