nano-banana-image
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the mcp-nano-banana Python package. This package is a vendor-owned resource associated with the author acedatacloud and is intended for tool-use integration.
- [SAFE]: The documentation follows industry best practices by instructing users to store sensitive API credentials in environment variables (.env) rather than hardcoding them within the skill.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface as it processes untrusted user input for image generation and editing.
  * Ingestion points: Data enters the system via the prompt and image_urls parameters defined in SKILL.md.
  * Boundary markers: The interaction with the external API is handled using structured JSON requests.
  * Capability inventory: The skill is limited to performing API requests and does not possess capabilities for local file system modification or arbitrary command execution.
  * Sanitization: Content filtering and input validation are expected to be enforced by the external AceDataCloud backend service.
Audit Metadata