nano-banana-pro
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script 'scripts/generate_image_boluobao.py' uses the 'subprocess' module to execute the system command 'pass show api/boluobao' to programmatically retrieve API credentials.
- [CREDENTIALS_UNSAFE]: The skill is designed to automatically attempt to read sensitive API keys from the local system's password store ('pass') and environment variables ('GEMINI_API_KEY', 'BOLUOBAO_API_KEY'), exposing these secrets to the skill's execution environment.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to 'apipark.boluobao.ai' to facilitate image generation and downloads the resulting image files to the local system.
- [DATA_EXFILTRATION]: User-provided prompts and image editing instructions are transmitted to a third-party image generation service (Boluobao) that is not part of the verified trusted vendor list.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: User instructions are passed directly to the '--prompt' argument in 'scripts/generate_image.py'. Boundary markers: No delimiters are used to separate user content from system instructions. Capability inventory: 'scripts/generate_image.py' has network access and file-system write permissions. Sanitization: Input data is interpolated directly into API request fields without escaping or validation.
Audit Metadata