Skills
skills/delneg/nano-banana-pro-skill-grsai-com/gemini3pro/Gen Agent Trust Hub

gemini3pro

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The SKILL.md file contains instructions to install the uv tool using the command curl -LsSf https://astral.sh/uv/install.sh | sh. This is a piped remote execution pattern which downloads and executes a script directly from the internet with the user's local privileges without verification.
  • [DATA_EXFILTRATION] (LOW): The script scripts/query_gemini.py performs network operations targeting https://grsaiapi.com/v1/chat/completions. This domain is not included in the trusted whitelist of network sources.
  • [PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect prompt injection as it integrates untrusted external data into LLM prompts without proper boundaries or sanitization.
  • Ingestion points: Untrusted data enters the agent context through the --prompt command-line argument and external image files provided via the --image argument in scripts/query_gemini.py.
  • Boundary markers: The script lacks any delimiters (e.g., XML tags or triple quotes) or system instructions to ignore embedded commands within the user-provided data.
  • Capability inventory: The script is capable of making outbound network requests (urllib.request.urlopen) and writing text to the local filesystem (Path.write_text).
  • Sanitization: No input validation, escaping, or filtering is applied to the prompt or image metadata before transmission to the API.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 10:46 PM