nano-banana-2
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The Troubleshooting section in SKILL.md contains instructions for the user to install the uv package manager by downloading and executing a shell script from astral.sh, a well-known technology provider.
- [EXTERNAL_DOWNLOADS]: The scripts/generate_image.py script downloads generated image files from remote URLs returned by the vendor's API. Additionally, the skill references an external installation script for the uv utility.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it incorporates untrusted data into its execution flow.
  - Ingestion points: The user-provided --prompt and --input-image arguments in scripts/generate_image.py.
  - Boundary markers: Absent; user input is directly included in the JSON payload for API requests and prompt enhancement templates.
  - Capability inventory: scripts/generate_image.py can perform network requests to multiple endpoints and write files to the local file system.
  - Sanitization: Absent; the script does not validate or escape the content of the user prompt before sending it to the LLM or image generation model.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata