nano-banana
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data (prompts and images) through an AI model, which is a potential surface for indirect injection attacks. However, this is inherent to multimodal AI capabilities and the skill's operations are limited to image generation and local file writing. Ingestion points: User-supplied prompt text and local image files provided via the --prompt and --input-image arguments in scripts/generate_image.py. Boundary markers: Absent. Capability inventory: Network requests to the Gemini API and file system writes in scripts/generate_image.py. Sanitization: None.
- [EXTERNAL_DOWNLOADS]: The skill uses the official google-genai and pillow libraries as dependencies, which are retrieved from standard package registries during execution.
- [COMMAND_EXECUTION]: The agent is instructed to execute a local Python script to perform image operations. The script logic is transparent and focuses on API interaction and file handling.
Audit Metadata