canghe-danger-gemini-web

Warn

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the node:child_process module to spawn browser processes (Chrome, Edge, or Chromium) on the local system. It specifically uses the --remote-debugging-port flag to enable programmatic control via the Chrome DevTools Protocol (CDP), which is a high-privilege capability.
  • [DATA_EXFILTRATION]: The skill programmatically extracts sensitive Google authentication cookies (__Secure-1PSID and __Secure-1PSIDTS) from the browser instance. These tokens provide full session access to the user's Google account and are stored in a local JSON file (cookies.json) in the application's data directory. While traffic is sent to Google domains, the ability to harvest and store these credentials requires careful review.
  • [EXTERNAL_DOWNLOADS]: The skill fetches generated images and API data from Google-controlled domains, including gemini.google.com, google.com, and googleusercontent.com.
  • [PROMPT_INJECTION]: The skill includes an attack surface for indirect prompt injection. It ingests data from local files via the --promptfiles argument (as seen in scripts/main.ts) and concatenates this content directly into the prompt sent to the LLM without boundary markers or sanitization. This allows malicious instructions within processed files to potentially override agent behavior, especially given the skill's capabilities for browser automation and file writing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 24, 2026, 11:23 AM