I'll read safety doc.
In brief, there's only a GET input from a link such this:
and the output is only a zip file into public_html folder and a static html page to see what's happening. I guess it would be simple to control the content of three GET parameters and to stop the script if parameter content is unsafe.
What are the minimal, safest settings for epg_start.py file? is it safe a 777 mode?