setup-browser-cookies
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the Bun installation script from the official
bun.shdomain during setup. The process includes a SHA-256 checksum verification to ensure the script's integrity before execution. - [COMMAND_EXECUTION]: Executes various local utility binaries and shell scripts (e.g.,
gstack-config,gstack-slug,gstack-repo-mode) to manage session state, project configuration, and update checks. - [DATA_EXFILTRATION]: Contains logic to log skill usage telemetry, including duration and outcome. This behavior is user-configurable and requires explicit consent through interactive prompts.
- [PROMPT_INJECTION]: Includes instructions that guide the agent on how to handle 'plan mode' and suggests routing rules for the project's
CLAUDE.mdfile to influence future skill selection. - [CREDENTIALS_UNSAFE]: Accesses sensitive local browser cookies to enable authenticated browsing. This is the primary function of the skill and is handled via an interactive user interface to ensure the user controls which domains are imported.
Audit Metadata