Skills
skills/erafat/skills/baoyu-danger-gemini-web/Gen Agent Trust Hub

baoyu-danger-gemini-web

Fail

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: The skill automatically extracts sensitive authentication cookies, specifically __Secure-1PSID and __Secure-1PSIDTS, from local browser profiles (Chrome, Chrome Canary, Chromium, and Microsoft Edge). This is achieved by connecting to a browser instance via the Chrome DevTools Protocol (CDP) and executing Network.getCookies.
  • Evidence: scripts/gemini-webapi/utils/load-browser-cookies.ts uses cdp.send('Network.getCookies', { urls: [...] }) to retrieve session tokens.
  • [COMMAND_EXECUTION]: The skill spawns browser processes using high-risk flags including --remote-debugging-port and --user-data-dir. This configuration allows the skill to programmatically control the browser and access the full contents of the user's profile, including history, saved passwords, and session cookies.
  • Evidence: scripts/gemini-webapi/utils/load-browser-cookies.ts contains the launch_chrome function which executes spawn(chrome, args, ...) with debugging flags enabled.
  • [EXTERNAL_DOWNLOADS]: The execution instructions in SKILL.md and the usage examples rely on npx -y bun, which will download and execute the Bun runtime from a remote registry if it is not already present on the local system.
  • Evidence: SKILL.md usage section: npx -y bun ${SKILL_DIR}/scripts/main.ts "Your prompt".
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 26, 2026, 09:05 AM