baoyu-gemini-web
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill identifies and stores high-value Google authentication cookies like `__Secure-1PSID` and `__Secure-1PSIDTS` in a local JSON file.
  * Evidence: `scripts/cookie-store.ts` defines and writes these cookies to disk.
  * Impact: These session cookies permit an attacker to hijack the user's Google session, bypassing multi-factor authentication (MFA).
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection as it ingests untrusted data from files or stdin without sanitization.
  * Ingestion points: CLI arguments (`--promptfiles`) and stdin.
  * Boundary markers: No delimiters or protective instructions are used to wrap external content.
  * Capability inventory: The skill can generate text, images, and videos.
  * Sanitization: No input validation or escaping logic is implemented.
- [COMMAND_EXECUTION] (LOW): The skill utilizes the Bun runtime and automates browser interaction for cookie retrieval.
  * Evidence: Usage of `npx -y bun` and `getGeminiCookieMapViaChrome` logic.
Recommendations
- AI detected serious security threats
Audit Metadata