cninfo-to-notebooklm
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads financial reports from
cninfo.com.cn, which is the official disclosure platform for Chinese stocks. These downloads are necessary for the skill's stated functionality. - [COMMAND_EXECUTION]: The script
scripts/upload.pyutilizessubprocess.runto invoke thenotebooklmCLI tool. This is used to create notebooks and upload files. The implementation correctly passes arguments as a list, mitigating risks of shell injection. - [EXTERNAL_DOWNLOADS]: The installation process (
install.sh) downloads standard Python libraries and browser binaries for Playwright. These are well-known tools used for web automation and HTTP requests. - [SAFE]: The presence of hardcoded session cookies in
scripts/download.pyis used to authenticate with the CNinfo API and does not involve the collection or exfiltration of user credentials.
Audit Metadata