gemini

Warn

Audited by Socket on Mar 14, 2026

2 alerts found:

Anomaly, Security

Anomaly: LOW
scripts/debug-chat.ts

This script is not obfuscated and does not contain obvious destructive payloads, but it implements remote execution of JavaScript in a browser tab via MQTT and reads potentially sensitive DOM content (contenteditable fields, prompt boxes). That behavior can be used for data exfiltration of user input or prompts. The immediate malware likelihood is low given the benign-seeming intent (DOM inspection), but the capability is a high-risk primitive (remote code execution + data retrieval) if misused or if broker/command channels are accessible by untrusted parties. Recommend restricting MQTT access, authenticating/authorizing command topics, avoiding hardcoded tab identifiers, and ensuring exec_script usage is tightly controlled and audited.

Confidence: 90%
Severity: 60%

Security: MEDIUM
SKILL.md

SUSPICIOUS: the stated purpose matches browser automation for Gemini, but the skill’s main dependency is an unverifiable browser extension that can read page content and execute browser actions. Data flow is mostly local via MQTT and no explicit credential theft is shown, yet the unverified extension makes the overall footprint high-risk for an AI agent skill.

Confidence: 84%
Severity: 79%

Audit Metadata

Analyzed At: Mar 14, 2026, 02:39 AM
Package URL: pkg:socket/skills-sh/soul-brews-studio%2Foracle-skills-cli%2Fgemini%2F@7dd8add7e7e06c9f63bdb462c456722f244f259b