The Agent Skills Directory

[DATA_EXFILTRATION]: The skill accesses and extracts sensitive session cookies, specifically __Secure-1PSID and __Secure-1PSIDTS, from the user's browser profiles (Chrome, Edge, and Chromium). While these are used to authenticate with Google's Gemini services as part of the skill's core functionality, this represents a high-risk extraction of sensitive credentials.
[COMMAND_EXECUTION]: The skill utilizes browser automation through the Chrome DevTools Protocol (CDP). It programmatically attaches to running browser debugging ports or launches new browser instances to retrieve session information and automate the Gemini web interface.
[EXTERNAL_DOWNLOADS]: The skill depends on the third-party Node.js package baoyu-chrome-cdp, which is used for low-level browser communication and CDP session management.
[DATA_EXPOSURE]: It writes sensitive authentication tokens to a local cookies.json file in the user's data directory. It also stores session history and metadata in JSON files within a local sessions directory.
[INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes user-supplied prompt files and reference images without explicit boundary markers or sanitization, though its primary function is output generation rather than executing instructions found in that data.

baoyu-danger-gemini-web