setup-browser-cookies
Fail
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill is designed to extract and decrypt sensitive cookies from various browsers (Chrome, Edge, Brave, etc.). It explicitly attempts to access the macOS Keychain to retrieve the decryption keys required to read these credentials.\n- [COMMAND_EXECUTION]: The skill identifies and executes local binaries located in the current directory or the user's home directory. It runs subcommands like
cookie-import-browserto perform its core functions.\n- [EXTERNAL_DOWNLOADS]: During setup, the skill downloads and executes an installation script fromhttps://bun.sh/install. While this is a well-known source, it introduces an external dependency into the execution environment.\n- [REMOTE_CODE_EXECUTION]: The skill utilizes acurl | bashpattern to execute the Bun installer script directly from a remote URL during its setup phase.\n- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection via the--domainparameter.\n - Ingestion points: User input provided as a domain argument for the cookie import command.\n
- Boundary markers: The skill does not use specific delimiters to isolate user-provided domain strings from the command execution context.\n
- Capability inventory: The skill possesses the
Bashtool permission, allowing it to execute arbitrary shell commands if the input is not sanitized.\n - Sanitization: There is no evidence of sanitization or escaping of the domain string before it is interpolated into the shell command.
Recommendations
- HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
Audit Metadata