cninfo-to-notebooklm

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads financial reports from cninfo.com.cn, which is the official disclosure platform for Chinese stocks. These downloads are necessary for the skill's stated functionality.
  • [COMMAND_EXECUTION]: The script scripts/upload.py utilizes subprocess.run to invoke the notebooklm CLI tool. This is used to create notebooks and upload files. The implementation correctly passes arguments as a list, mitigating risks of shell injection.
  • [EXTERNAL_DOWNLOADS]: The installation process (install.sh) downloads standard Python libraries and browser binaries for Playwright. These are well-known tools used for web automation and HTTP requests.
  • [SAFE]: The presence of hardcoded session cookies in scripts/download.py is used to authenticate with the CNinfo API and does not involve the collection or exfiltration of user credentials.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 01:08 PM
Security Audit — agent-trust-hub — cninfo-to-notebooklm