gemini-context-bridge
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): The skill uses strong directives such as 'MANDATORY' and 'STOP' to ensure the agent uses the correct documentation skill. These are functional constraints to improve accuracy rather than attempts to bypass safety filters or extract system prompts.
- [DATA_EXFILTRATION] (SAFE): Analysis of the file paths (CLAUDE.md, GEMINI.md, .gemini/settings.json) shows they are standard project configuration files. No sensitive directories (~/.ssh, ~/.aws) or network tools (curl, wget) are utilized.
- [COMMAND_EXECUTION] (SAFE): While 'Bash' is an allowed tool, the instructions only suggest using 'diff' for comparing text files, which is a benign operation.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to read and process project-level markdown files which could be modified by third parties in a shared repository.
- Ingestion points: Reads
CLAUDE.mdandGEMINI.mdvia the Read tool. - Boundary markers: None; the skill directly extracts sections like 'Conventions' and 'Build Commands'.
- Capability inventory: Includes the 'Bash' tool, which could execute commands if the agent is tricked by malicious content inside the read files.
- Sanitization: None; the workflow relies on standard markdown extraction.
Audit Metadata