notebooklm-federated-specs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly adds and ingests arbitrary public URLs as notebook sources (see SKILL.md "On-Demand Research" and scripts/research-question.sh which call notebooklm_source_add with url like "https://oauth.net/2/"), and the agent reads and uses that untrusted third-party content to generate analyses/media that can materially influence decisions and actions, creating risk of indirect prompt injection.