nano-banana-image-generator
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The generate_image.py script uses subprocess.run to call the system's 'open' utility. This is a convenience feature intended to display generated images to the user upon completion.
- [EXTERNAL_DOWNLOADS]: The skill utilizes the official google-genai library to communicate with Google's image generation services. This is a legitimate and expected function of the skill.
- [PROMPT_INJECTION]: The skill's workflow includes sourcing data from external websites to inform the image generation process.
  1. Ingestion points: Results from WebSearch and WebFetch are used to source reference details for subjects (SKILL.md).
  2. Boundary markers: Absent; user input and web data are interpolated into prompt templates.
  3. Capability inventory: The skill can execute network requests to the Gemini API and local system commands.
  4. Sanitization: Absent; the skill relies on the LLM's internal safety guardrails for prompt construction.
Audit Metadata