nano-banana-edit
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes external user-supplied strings and image URLs which are eventually passed to a generative model.
- Ingestion points: User-provided prompt and image_urls array defined in the schema in
SKILL.md. - Boundary markers: The prompt is structured within a JSON payload to prevent local shell expansion during command execution.
- Capability inventory: The skill executes the
runcomfyCLI and interacts with the vendor's model API. - Sanitization: The skill documentation explicitly warns about image-based prompt injection risks and confirms the CLI transmits the JSON body directly to the API without shell interpolation.
- [COMMAND_EXECUTION]: The skill utilizes a CLI tool to communicate with a remote image processing service.
- Evidence: Orchestrates local execution of
runcomfy run google/nano-banana-2/editto perform image edits. - [EXTERNAL_DOWNLOADS]: The skill depends on a specific vendor-provided command-line utility for its functionality.
- Evidence: Directs the user to install
@runcomfy/clivianpmas a prerequisite.
Audit Metadata