The Agent Skills Directory

[COMMAND_EXECUTION] (HIGH): The skill uses child_process.spawn to launch browser executables (Chrome, Edge, Chromium) found on the system in scripts/gemini-webapi/utils/load-browser-cookies.ts. It enables --remote-debugging-port, which opens a local network port allowing any process on the machine to control the browser and access its data.
[CREDENTIALS_UNSAFE] (HIGH): The skill programmatically extracts sensitive Google authentication cookies (__Secure-1PSID and __Secure-1PSIDTS) from the user's browser profile. This bypasses standard security boundaries for session data and places the user's Google account at risk if the skill's environment or data directory is compromised.
[EXTERNAL_DOWNLOADS] (HIGH): A path traversal vulnerability exists in scripts/gemini-webapi/types/image.ts. The save method derives the local filename directly from the URL using this.url.split('/').pop(). A malicious URL containing path traversal sequences (e.g., ../../.bashrc) could be used to overwrite sensitive files when the agent is instructed to save a 'generated' image.
[COMMAND_EXECUTION] (MEDIUM): The SKILL.md instructions encourage usage via npx -y bun, which automatically downloads and executes packages, potentially leading to supply chain risks if dependencies are hijacked.
[DATA_EXFILTRATION] (LOW): While the skill sends cookies to legitimate Google endpoints (gemini.google.com), the automated movement of browser cookies to a CLI-accessible file (cookies.json) significantly increases the attack surface for sensitive data.

baoyu-danger-gemini-web