genimg-gemini-web
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Spawns a local Chrome or Chromium browser to facilitate authentication with Gemini Web. This is a core functional requirement used solely to synchronize session cookies.\n- [EXTERNAL_DOWNLOADS]: Fetches generated images, videos, and configuration data from official Google domains (
google.com,googleusercontent.com).\n- [PROMPT_INJECTION]: The skill ingests data from external sources and interpolates it into the LLM prompt, creating a surface for indirect prompt injection.\n - Ingestion points: Untrusted content is read from command-line arguments, stdin, and local files via
--promptfilesand--referenceflags inscripts/main.tsandscripts/executor.ts.\n - Boundary markers: No delimiters or isolation instructions are present to distinguish user-provided content from system instructions.\n
- Capability inventory: The skill can execute local browser processes, perform authenticated network requests to Google services, and write cookies, sessions, and media files to the local file system.\n
- Sanitization: External content is included in the prompt without escaping or validation.
Audit Metadata