cninfo-to-notebooklm

Fail

Audited by Snyk on Jun 20, 2026

Risk Level: HIGH
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.95). Runtime path: scripts/download.py downloads outsider-authored PDF reports from public cninfo.com.cn (http://static.cninfo.com.cn/{adjunct_url}) and then scripts/upload.py uploads those PDFs as sources into NotebookLM, making their extracted text available to the agent’s LLM context.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the repository files for literal, high-entropy credentials.

Findings:

  • In scripts/download.py the class CnInfoDownloader hardcodes cookies:
  • "JSESSIONID": "9A110350B0056BE0C4FDD8A627EF2868"
  • This is a 32-character hex-like string that looks like a real session identifier (high entropy) and could grant access if valid. It meets the definition of a secret and should be treated as sensitive.
  • "insert_cookie": "37836164"
  • This is a short numeric value (low entropy). Per the rules (ignore simple/low-entropy values and setup-like values), I am not flagging it as a secret.

No other high-entropy API keys, private keys, tokens, or passwords were found in the skill content. Header values, URLs, CLI examples, prompts, and README examples are documentation and not secrets.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W008
HIGH

Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 20, 2026, 01:07 PM
Issues
2
Security Audit — snyk — cninfo-to-notebooklm