notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly imports and processes untrusted public content (web URLs and YouTube via commands like "notebooklm source add "https://..."" and "notebooklm source add-research "query" --from web" shown in SKILL.md and the "Supported source types" list), and that imported content is read/used to drive chats and generate artifacts, so third-party pages could indirectly inject instructions that influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches arbitrary web sources at runtime (e.g., commands like notebooklm source add "https://..." / "https://url1.com") and then injects that fetched content into NotebookLM as context for chat and generation, meaning remote URLs can directly control prompts and outputs.