notebooklm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill autonomously opens and scrapes arbitrary NotebookLM notebook pages (see scripts/ask_question.py which loads --notebook-url and the SKILL.md "SMART ADD" workflow that instructs querying notebook URLs) so user-uploaded / public notebook content is ingested and can directly influence metadata, follow-up queries, and subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill launches a browser at runtime to navigate to and interact with NotebookLM (https://notebooklm.google.com), and it ingests the notebook's responses to drive model answers and follow-up prompts, so this external URL directly controls prompts and is required for the skill to function.