
nano-banana

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The CLI commands use the '--yolo' flag, which is documented to auto-approve tool actions. This bypasses human-in-the-loop and tool-level safety confirmations, so any action the agent proposes runs without review.
  • [EXTERNAL_DOWNLOADS]: The documentation instructs the user to install an extension from a GitHub repository ('https://github.com/gemini-cli-extensions/nanobanana') that has not been identified as a trusted vendor, so the installed code is unverified.
  • [PROMPT_INJECTION]: The skill's metadata contains a 'REQUIRED' directive intended to force the agent to use this specific skill for all image-related requests; this acts as an instructional override of the agent's own tool-selection logic.
  • [COMMAND_EXECUTION]: User-provided strings are interpolated directly into shell commands (e.g., 'gemini --yolo "/generate '{prompt}'"') without sanitization or boundary markers, so a prompt containing quote characters or shell metacharacters can alter the command that is executed.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 1, 2026, 12:00 PM