data-pro-max

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The .agent/skills/notebooklm/SKILL.md and its references (notebooklm/references/mcp_tools.md and best_practices.md) explicitly instruct the agent to add and query arbitrary web URLs, GDrive docs, PDFs and to import/discover web/Drive sources (e.g., source_add with url, research_start) and then read and act on NotebookLM-grounded responses, which means untrusted third‑party content from the open web can be ingested and materially influence the agent's follow-up queries and actions.