jimeng-login
Warn
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill includes instructions to extract sensitive session data using
document.cookievia JavaScript execution. - [CREDENTIALS_UNSAFE]: The skill directs the agent to store these extracted authentication cookies in a local file at
memory/jimeng-cookies-backup.json, which exposes authentication tokens to anything that can read the skill's memory context. - [COMMAND_EXECUTION]: The skill uses the
evaluatefunctionality to execute arbitrary JavaScript code within the browser context to interact with page elements and retrieve session data.
Audit Metadata