banana

Warn

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/setup_mcp.py configures the Claude Code environment to run a remote package using npx -y @ycse/nanobanana-mcp. This allows for the download and execution of arbitrary code from the npm registry every time the MCP server is initialized.
  • [EXTERNAL_DOWNLOADS]: The skill's setup process fetches external code from the npm registry and directs users to install external binaries such as ImageMagick and FFmpeg for post-processing tasks.
  • [PROMPT_INJECTION]: The file references/prompt-engineering.md contains a section titled 'Safety Filter Rephrase Strategies' which provides the agent with specific patterns (abstraction, metaphor, artistic framing) to circumvent safety filters that block restricted content.
  • [COMMAND_EXECUTION]: The skill uses shell commands via npx for MCP execution and instructs the agent to use subprocesses for image manipulation tools like magick, convert, and ffmpeg.
  • [CREDENTIALS_UNSAFE]: The fallback scripts scripts/generate.py and scripts/edit.py transmit the Google AI API key as a URL query parameter (?key={api_key}), a discouraged practice because the key can leak into server logs and browser histories.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 14, 2026, 07:29 AM