baoyu-danger-gemini-web
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill explicitly targets browser profile directories and cookie stores (Chrome, Edge, Chromium) to extract session information. Evidence includes the use of '--cookie-path', '--profile-dir', and environment variables like 'GEMINI_WEB_CHROME_PROFILE_DIR'.
- [DATA_EXFILTRATION] (HIGH): The primary function involves extracting session cookies from the local machine to authenticate against a reverse-engineered web API. This bypasses standard API security models and creates a path for session hijacking.
- [COMMAND_EXECUTION] (MEDIUM): The skill utilizes 'npx -y bun' to execute local TypeScript scripts (main.ts) that perform high-risk operations including reading browser databases and writing session files to disk.
- [PROMPT_INJECTION] (LOW): The skill provides a surface for indirect prompt injection. 1. Ingestion points: --promptfiles and --prompt arguments. 2. Boundary markers: Absent. 3. Capability inventory: Browser cookie extraction, file system read/write, and network access. 4. Sanitization: No sanitization logic is documented for the ingested files.
Recommendations
- AI detected serious security threats
Audit Metadata