meihua-yishu

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill instructs users to execute a command that lowers system security: chrome --remote-debugging-port=9222. This exposes the Chrome DevTools Protocol (CDP) to any script running on the local machine.
  • [CREDENTIALS_UNSAFE] (HIGH): The script scripts/meihua_gemini.py is designed to interact with a live, logged-in session of gemini.google.com via CDP. This mechanism provides the script with the same level of access as the user, allowing it to read private conversations, session tokens, and cookies without using an official API.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill requires the installation of the websockets Python package from PyPI to facilitate the browser communication.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill utilizes 'AI Deep Reading' with 'web search grounding'. This creates an ingestion point for untrusted data from the internet which could contain malicious instructions designed to influence the agent's output or strategic advice.
      • Ingestion points: Web search results processed in scripts/meihua_gemini.py.
      • Boundary markers: None identified in the documentation.
      • Capability inventory: Browser automation via CDP, local Python execution.
      • Sanitization: No sanitization logic for web content is described.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:42 PM