baoyu-danger-gemini-web

Fail

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: HIGH · COMMAND_EXECUTION · CREDENTIALS_UNSAFE · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/gemini-webapi/utils/load-browser-cookies.ts launches a system browser (such as Chrome, Edge, or Chromium) using child_process.spawn with the --remote-debugging-port and --user-data-dir flags. This setup creates a debugging bridge that allows the script to programmatically control the browser and access its internal state.
  • [CREDENTIALS_UNSAFE]: The skill implements a programmatic credential extraction routine. It connects to the debugging port of the launched browser via WebSockets and uses the Chrome DevTools Protocol (CDP) Network.getCookies command to capture sensitive authentication cookies, specifically __Secure-1PSID and __Secure-1PSIDTS. These session secrets are then stored in a local JSON file (cookies.json), posing a significant risk of account compromise or session hijacking if the system or the skill's data directory is accessed by an unauthorized party.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data—specifically generated text and images from a reverse-engineered API—while possessing powerful capabilities like process spawning and file system access. A malicious response from the upstream API could contain instructions designed to manipulate the agent into performing unauthorized actions through the skill's command-line interface.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 9, 2026, 11:41 PM