cninfo-to-notebooklm
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The `install.sh` script and `requirements.txt` specify the installation of `notebooklm-py` and `httpx`. These are third-party packages from PyPI that do not originate from the defined trusted organizations, posing a supply chain risk.
- [COMMAND_EXECUTION] (MEDIUM): The `scripts/upload.py` file uses `subprocess.run` to orchestrate the `notebooklm` CLI. It passes dynamic strings, such as stock names and notebook titles, as command arguments. While it avoids `shell=True`, the safety of the CLI tool's argument parsing is unverified.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The installation process includes `playwright install chromium`, which downloads and installs external browser binaries. This execution of remote binary code is a standard but high-privilege operation.
- [PROMPT_INJECTION] (LOW): Indirect prompt injection surface detected via financial reports.
  - Ingestion points: PDF reports downloaded from `cninfo.com.cn` (referenced in `scripts/run.py` and `download.py`).
  - Boundary markers: None; external PDF files are uploaded directly to the AI service as primary context sources.
  - Capability inventory: Subprocess execution of `notebooklm` CLI and file system cleanup (`shutil.rmtree`) in `scripts/upload.py` and `scripts/run.py`.
  - Sanitization: The skill does not sanitize the contents of the downloaded PDFs before processing.
- [DATA_EXFILTRATION] (LOW): The skill is designed to transmit potentially sensitive financial data (A-share reports) to an external cloud service (Google NotebookLM). This is the intended behavior but represents data movement outside the local environment.
Audit Metadata