baoyu-danger-gemini-web
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill programmatically extracts sensitive Google session cookies (__Secure-1PSID and __Secure-1PSIDTS) from local browser profiles (Chrome, Edge, Chromium) via the Chrome DevTools Protocol. These credentials are saved to a local JSON file (cookies.json) in the user's data directory for persistence and automatic refreshing.
- [COMMAND_EXECUTION]: The skill uses child_process.spawn to launch external browser binaries with debugging flags to facilitate cookie extraction. It also executes system commands via child_process.execSync to run cmd.exe and wslpath for resolving Windows home directory paths when running within a WSL environment.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to well-known Google domains (gemini.google.com, accounts.google.com, googleusercontent.com) to generate content and download images.
Audit Metadata