gemini-claude-resonance
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill manages API keys using environment variables and the python-dotenv library, which is a standard security best practice to prevent credential exposure. All network communication is directed to official, trusted API endpoints for Google and Anthropic.
- [EXTERNAL_DOWNLOADS]: The skill interacts with verified external services (Google Gemini and Anthropic Claude) to facilitate text analysis and image generation. These interactions are necessary for the skill's documented purpose and target well-known, trusted organizations.
- [COMMAND_EXECUTION]: Local file system operations are restricted to reading reference images and writing generated content to the internal project canvas directory. There are no attempts to access sensitive system files or execute arbitrary commands.
- [PROMPT_INJECTION]: The skill acts as an interface for user-supplied prompts. While it processes external data, it mitigates potential risks through the use of structured prompt templates and filename sanitization for saved assets.
- Ingestion points: User-provided text and image inputs enter the system via WebSockets in ui/server.py and CLI arguments in individual scripts.
- Boundary markers: The skill uses specific text delimiters and persona framing to differentiate between system instructions and user-provided topics.
- Capability inventory: The skill performs API requests to trusted vendors and writes media files to local storage.
- Sanitization: A dedicated sanitize_filename function in ui/server.py ensures that user input cannot be used for path traversal or malicious file naming.
Audit Metadata