gemini-forge

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill follows security best practices for local environment interactions. Specifically, the save_code function in scripts/gemini_text.py includes a robust check to prevent path traversal, ensuring that generated files are only written within the intended output directory.
  • [DATA_EXFILTRATION]: The skill reads local files (such as screenshots, CSS tokens, and design briefs) to provide context for AI generation. This data is transmitted only to the official Google Gemini API (generativelanguage.googleapis.com) for processing. There is no evidence of the scripts accessing sensitive system directories (like .ssh or .aws) or harvesting credentials.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from design system files and user prompts to generate code. While this provides a surface for indirect prompt injection, the risk is inherent to the tool's primary purpose. The skill uses clear boundary markers in its prompt templates to separate user data from instructions, which helps mitigate accidental obedience to embedded commands.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 04:39 PM
Security Audit — agent-trust-hub — gemini-forge