baoyu-danger-gemini-web

Warn

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses child_process.spawn to launch a web browser with the --remote-debugging-port flag, enabling programmatic control via the Chrome DevTools Protocol (CDP). Evidence in scripts/gemini-webapi/utils/load-browser-cookies.ts.
  • [CREDENTIALS_UNSAFE]: The skill extracts Google session cookies and stores them in a local cookies.json file. It also fails to implement the consent check described in SKILL.md. Evidence in scripts/gemini-webapi/utils/load-browser-cookies.ts and scripts/gemini-webapi/utils/cookie-file.ts.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with well-known Google domains (gemini.google.com, googleapis.com) for its core generation features.
  • [PROMPT_INJECTION]: This skill provides an indirect prompt injection surface.
    1. Ingestion points: Data enters via --promptfiles in scripts/main.ts and API responses in scripts/gemini-webapi/client.ts.
    2. Boundary markers: None present.
    3. Capability inventory: Subprocess spawning, filesystem writes, and network access.
    4. Sanitization: Basic HTML decoding is performed without structural validation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 2, 2026, 09:52 AM