banana
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configures an MCP server by fetching the
@ycse/nanobanana-mcppackage from the NPM registry usingnpxduring the setup process. NPM is a well-known service for package distribution. - [DATA_EXFILTRATION]: Fallback scripts (
generate.py,edit.py) communicate directly with Google's official generative language API (generativelanguage.googleapis.com). This domain belongs to a well-known service provider and is used for the skill's primary function. - [COMMAND_EXECUTION]: The skill utilizes standard system-level command-line tools such as ImageMagick (
magick/convert), FFmpeg, and Potrace for image post-processing tasks like resizing, background removal, and format conversion. - [COMMAND_EXECUTION]: The setup script (
setup_mcp.py) modifies the local agent configuration (~/.claude/settings.json) to integrate the MCP server, which is a standard procedure for enabling third-party tool extensions. - [COMMAND_EXECUTION]: Local scripts manage data within the user's home directory, specifically for cost logging (
~/.banana/costs.json), brand presets (~/.banana/presets/), and generated image storage (~/Documents/nanobanana_generated/). These operations are consistent with the skill's documented functionality. - [PROMPT_INJECTION]: The skill implements a 'Reasoning Brief' system that explicitly instructs the agent to analyze and wrap user input rather than passing it directly to the API, which serves as a mitigation against potential prompt injection attacks.
Audit Metadata