baoyu-danger-gemini-web

Pass

Audited by Gen Agent Trust Hub on May 21, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill manages authentication using Google session cookies (__Secure-1PSID, __Secure-1PSIDTS). These are retrieved from the local browser and stored in the user's application data directory (e.g., ~/Library/Application Support/baoyu-skills/gemini-web/cookies.json).
  • [SAFE]: It utilizes the baoyu-chrome-cdp vendor resource to automate browser interactions for cookie extraction via the Chrome DevTools Protocol.
  • [SAFE]: Network communications are directed to official Google endpoints (gemini.google.com, accounts.google.com, content-push.googleapis.com) required for Gemini service functionality and authentication.
  • [SAFE]: A mandatory consent check and disclaimer flow are implemented, ensuring users are informed about the use of a reverse-engineered API before the skill becomes active.
  • [SAFE]: Command execution is limited to standard path resolution and environment detection, such as identifying Windows user profiles in WSL environments.
Audit Metadata
Risk Level
SAFE
Analyzed
May 21, 2026, 07:44 AM
Security Audit — agent-trust-hub — baoyu-danger-gemini-web