nano-banana-image-generator
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8).\n
- Ingestion points: In
SKILL.md, the workflow encourages the agent to useWebSearchorWebFetchto find high-resolution reference images from external domains such as Wikipedia or professional press sites.\n - Boundary markers: While the skill uses structured prompt templates (e.g.,
CONCEPT:,STYLE:), it lacks explicit delimiters or instructions to disregard instructions potentially embedded in metadata or surrounding text of retrieved external assets.\n - Capability inventory: The accompanying script
scripts/generate_image.pycan write files to the local filesystem, make network requests to the Gemini API, and execute local system commands viasubprocess.\n - Sanitization: No sanitization or validation logic is present to filter content retrieved from external web sources before it is incorporated into the agent's context or generation prompts.\n- [COMMAND_EXECUTION]: The
scripts/generate_image.pyscript utilizessubprocess.runto call the macOSopencommand. This is used to display generated images in the default system application, which is a common productivity feature.\n- [EXTERNAL_DOWNLOADS]: The skill relies on well-known and trusted external resources, including thegoogle-genaiandpillowPython libraries, and the official Google Gemini API endpoints.
Audit Metadata