Skills
skills/jimliu/baoyu-skills/baoyu-danger-gemini-web/Gen Agent Trust Hub

baoyu-danger-gemini-web

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes TypeScript scripts located in the scripts/ directory using the bun runtime or npx as a fallback.
  • [DATA_EXFILTRATION]: The skill extracts sensitive Google session cookies (__Secure-1PSID, __Secure-1PSIDTS) from browser profiles (Chrome, Edge, and Chromium) on the host system to authenticate with Gemini's web endpoints. This is a functional requirement for the reverse-engineered API access.
  • [CREDENTIALS_UNSAFE]: Extracted session cookies are stored in a local JSON file within the user's application data directory (e.g., ~/Library/Application Support/baoyu-skills/gemini-web/cookies.json) to maintain persistent sessions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 06:19 AM