baoyu-danger-gemini-web

[Skill Scanner] Backtick command substitution detected All findings: [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] The skill is conceptually coherent with its stated purpose (a reverse-engineered Gemini Web client for text and image generation) and its requested permissions (file reads/writes, cookies, browser profile) are explainable by the features. The main security concerns are: 1) it relies on a reverse-engineered, unofficial API (may break and is less auditable), 2) it reads/writes sensitive artifacts (cookies, Chrome profile paths, session files) which could expose Google authentication/session credentials if the user supplies existing profile/cookie locations, and 3) without reviewing the scripts, we cannot confirm whether network traffic is sent only to Google endpoints or also to third-party hosts. On the provided evidence there is no clear sign of obfuscated or intentionally malicious code, but the credential handling and unofficial API usage elevate the risk. Recommend inspecting scripts/main.ts and gemini_webapi implementation to confirm endpoints and cookie handling before use; treat cookie/profile inputs cautiously. LLM verification: The SKILL.md is internally consistent: requested permissions (prompt files, reference images, browser profile/cookies, session persistence) align with the tool’s stated purpose of acting as a reverse-engineered Gemini Web client. The primary security concern is the sensitive credential access (browser cookies/profile) combined with the absence of explicit, auditable network endpoints — this makes it impossible to rule out credential exfiltration. No direct evidence of obfuscation or active malic