nano-banana
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of external dependencies by recommending the installation of MCP servers such as 'nanobanana-mcp' and 'nano-banana-mcp' from the NPM registry via npx. These packages are aligned with the skill's naming convention and are used for its core image generation functionality.
- [REMOTE_CODE_EXECUTION]: The skill configuration requires the execution of remote code through the npx command to run the nanobanana-mcp server. This is the standard operational procedure for MCP tools and is consistent with the skill's intended purpose.
- [PROMPT_INJECTION]: The skill includes a translator system prompt designed to convert natural language into structured JSON specifications.
  1. Ingestion points: User-provided image descriptions and session history.
  2. Boundary markers: Explicit instructions to output only valid JSON and the use of structural JSON schemas.
  3. Capability inventory: Access to tools for generating and editing images (gemini_generate_image, gemini_edit_image).
  4. Sanitization: Relies on structural validation and underlying model guardrails; no explicit prompt sanitization is mentioned.