baoyu-danger-gemini-web
Pass
Audited by Gen Agent Trust Hub on May 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill manages authentication using Google session cookies (
__Secure-1PSID,__Secure-1PSIDTS). These are retrieved from the local browser and stored in the user's application data directory (e.g.,~/Library/Application Support/baoyu-skills/gemini-web/cookies.json). - [SAFE]: It utilizes the
baoyu-chrome-cdpvendor resource to automate browser interactions for cookie extraction via the Chrome DevTools Protocol. - [SAFE]: Network communications are directed to official Google endpoints (
gemini.google.com,accounts.google.com,content-push.googleapis.com) required for Gemini service functionality and authentication. - [SAFE]: A mandatory consent check and disclaimer flow are implemented, ensuring users are informed about the use of a reverse-engineered API before the skill becomes active.
- [SAFE]: Command execution is limited to standard path resolution and environment detection, such as identifying Windows user profiles in WSL environments.
Audit Metadata