nano-banana-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses standard Node.js package managers to install well-known and legitimate libraries. No arbitrary command execution was detected.
- [DATA_EXFILTRATION] (SAFE): Data transmission is limited to reputable services including Google, Vercel, and Upstash. No exfiltration of sensitive files or hardcoded credentials was found.
- [CREDENTIALS_UNSAFE] (SAFE): The documentation correctly identifies hardcoding API keys as a security risk and provides patterns for using environment variables with server actions.
- [REMOTE_CODE_EXECUTION] (SAFE): No patterns for remote code execution or dynamic execution of untrusted code were identified.
- [SAFE] (SAFE): The implementation follows standard safety patterns for AI applications, including proper error handling for content policy violations and secure data ingestion points for user prompts.
Audit Metadata