nano-banana-pro
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill specifies dependencies on 'google-genai' and 'pillow', which are standard packages fetched from the official Python Package Index (PyPI).
- [COMMAND_EXECUTION]: The skill uses 'uv run' to execute its internal Python script for image generation. The script performs legitimate file operations, such as creating directories and saving the generated image to a user-specified path.
- [DATA_EXFILTRATION]: Image prompts and input images are sent to Google's official Gemini API. This is the intended behavior of the skill and does not constitute unauthorized data exfiltration.
- [PROMPT_INJECTION]: The skill ingests user prompts and images which are processed by the Gemini model. While this creates a surface for indirect prompt injection, it is the primary intended function of the tool and is managed by the service provider's safety filters.
Audit Metadata