notebooklm

Warn

Audited by Snyk on Apr 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests arbitrary public web content (SKILL.md "Add a URL" / "research" and the INSTALL_PROMPT), and the CLI implementation (scripts/nlm.py cmd_add_source and cmd_research) sends that untrusted third‑party content into NotebookLM, which the agent reads and uses to produce answers and drive follow-up actions (reports, artifacts, slide generation). External pages could therefore indirectly inject instructions that affect agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The install instructions explicitly fetch and install remote code that will be executed, e.g., by cloning https://github.com/robonuggets/notebooklm-skill and pip-installing notebooklm-py from https://github.com/teng-lin/notebooklm-py, including the api.github.com call to get the latest tag. These URLs are therefore used during setup/runtime to retrieve and run third‑party code.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 7, 2026, 07:14 AM
Issues: 2