blog-image

Warn

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill contains explicit instructions to circumvent platform safety guardrails (specifically 'IMAGE_SAFETY' and 'SAFETY' filters). It directs the agent to 'auto-rephrase and retry' up to three times when content is blocked, using techniques such as 'positive framing' and 'softening' dramatic descriptions to bypass server-side output analysis.
  • [EXTERNAL_DOWNLOADS]: The setup process installs and executes the '@ycse/nanobanana-mcp' package from the NPM registry via 'npx'. This is an external dependency from a third-party source not listed as a trusted vendor.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands via the Bash tool to execute image post-processing tasks with ImageMagick ('magick' or 'convert'). Additionally, it executes local Python scripts ('setup_image_mcp.py' and 'validate_image_setup.py') to automate environment configuration and directory management.
  • [CREDENTIALS_UNSAFE]: The 'setup_image_mcp.py' script is designed to handle the 'GOOGLE_AI_API_KEY', writing it into local configuration files such as '.mcp.json' or the global '~/.claude/settings.json'. This involves the persistent storage and management of sensitive API credentials within the filesystem.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 30, 2026, 02:44 AM