gemini-forge
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Communicates with the well-known Google Generative Language API (googleapis.com) to perform code generation and image analysis.
- [COMMAND_EXECUTION]: Local scripts read user-specified files or directories and write generated code to the local file system. The `scripts/gemini_text.py` file includes a security check to prevent path traversal when writing multi-file outputs.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface as it processes external content that is interpolated into instructions for the LLM.
  - Ingestion points: Processes untrusted content from local files and directories (`scripts/load_design_system.py`), user-provided images (`scripts/screenshot_to_code.py`), and natural language prompts (`scripts/generate_ui.py`).
  - Boundary markers: Employs Markdown headers and triple-dash (`---`) separators to delimit external context from instructions.
  - Capability inventory: Performs network requests to API endpoints and writes content to the local disk in `scripts/gemini_text.py`.
  - Sanitization: No explicit sanitization or filtering of external input content is implemented.