cninfo-to-notebooklm
Fail
Audited by Snyk on Jun 20, 2026
Risk Level: HIGH
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.95). Runtime path:
scripts/download.pydownloads outsider-authored PDF reports from public cninfo.com.cn (http://static.cninfo.com.cn/{adjunct_url}) and thenscripts/upload.pyuploads those PDFs as sources into NotebookLM, making their extracted text available to the agent’s LLM context.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the repository files for literal, high-entropy credentials.
Findings:
- In scripts/download.py the class CnInfoDownloader hardcodes cookies:
- "JSESSIONID": "9A110350B0056BE0C4FDD8A627EF2868"
- This is a 32-character hex-like string that looks like a real session identifier (high entropy) and could grant access if valid. It meets the definition of a secret and should be treated as sensitive.
- "insert_cookie": "37836164"
- This is a short numeric value (low entropy). Per the rules (ignore simple/low-entropy values and setup-like values), I am not flagging it as a secret.
No other high-entropy API keys, private keys, tokens, or passwords were found in the skill content. Header values, URLs, CLI examples, prompts, and README examples are documentation and not secrets.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W008
HIGHSecret detected in skill content (API keys, tokens, passwords).
Audit Metadata