nblm

Warn

Audited by Snyk on Feb 24, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests third-party content: querying Google NotebookLM notebooks via notebooklm-py and the ask_question flow, adding arbitrary URLs and YouTube links, and downloading from Z-Library (upload-url / upload-youtube / upload-zlib in SKILL.md and the command files). The agent is expected to read and act on that content, including follow-up queries and actions, so untrusted user-generated pages could inject instructions that affect tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches and indexes external content at runtime (e.g., NotebookLM notebook URLs like https://notebooklm.google.com/notebook/... and Z-Library download URLs such as https://zh.zlib.li/book/...). That content is injected into the model/NotebookLM context to generate answers and can therefore directly influence prompts and outputs.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 24, 2026, 08:08 PM