baoyu-danger-gemini-web
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill programmatically harvests Google session cookies (__Secure-1PSID, __Secure-1PSIDTS) via Chrome DevTools Protocol and saves them in plaintext JSON on disk in
scripts/gemini-webapi/utils/load-browser-cookies.ts. - [COMMAND_EXECUTION] (HIGH): The code spawns a browser process with the
--remote-debugging-portflag enabled to intercept site data and automate user sessions. - [PROMPT_INJECTION] (HIGH): The skill processes untrusted input from prompt files and images which can influence downstream actions involving file system access and cloud uploads in
scripts/gemini-webapi/utils/upload-file.ts. - [EXTERNAL_DOWNLOADS] (MEDIUM): The script saves content from external URLs to the local filesystem in
scripts/gemini-webapi/types/image.ts, which could lead to malicious file placement if the upstream API response is compromised.
Recommendations
- AI detected serious security threats
Audit Metadata