Back to skill

Security audit

Gemini Web Automation Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Gemini web automation helper, but users should understand it may use a browser session and send prompts or uploaded files to Gemini.

Install only if you intentionally want an agent to operate Gemini Web for you. Do not send confidential prompts, images, or files unless you are comfortable sharing them with Gemini/Google, and expect local browser session data or login state to be created or reused.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill description uses very broad trigger phrases such as '帮我问 Gemini' and '用 Gemini 回答', which can match ordinary requests without making clear that a real browser session will be driven against a third-party web service. This can cause the agent to invoke external automation unexpectedly, sending user content to Gemini and launching Chrome when the user may only have wanted local assistance or informational guidance.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents automatic environment recovery, Chrome launch, and creation of local runtime data such as userdata/, but it does not warn the user that these side effects may occur. Hidden local side effects are risky because they can surprise users, alter their system state, and create residual browser/session artifacts without informed consent.

Missing User Warnings

High
Confidence
98% confidence
Finding
The description says the skill can send prompts, upload images or files, and obtain Gemini replies, but it does not clearly warn that this transmits user-provided content to an external web service. This is a significant privacy issue because users may provide sensitive text, images, or documents without realizing they are being sent outside the local environment.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.