nano-banana2-gen-image
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): A functional API key (ak=gGoT3706okXuOVHBBhA1SBG8erOvgihU_GPT_AK) is hardcoded directly into the URL strings within both the Python example code and the Bash curl command. This exposes the credential to anyone who can read the skill file.
- [PROMPT_INJECTION] (MEDIUM): The skill defines an indirect prompt injection surface by ingesting untrusted text (prompt) and interpolating it directly into a JSON payload sent to an external model. This is categorized as MEDIUM as the primary output modality is an image, limiting immediate downstream text-based attacks but remaining an ingestion risk.
- [COMMAND_EXECUTION] (LOW): The skill includes Python code and shell commands for performing network requests and file system operations (writing images). These are consistent with the tool's purpose but represent capabilities that require restricted access in a production environment.
Recommendations
- AI detected serious security threats
Audit Metadata