nano-banana-2

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly accepts a user-provided API key via a --api-key argument (and shows examples embedding KEY in command lines), which requires the LLM to include secret values verbatim in generated commands—an exfiltration risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Suspicious — this is a direct link to a remote installer shell script (install.sh) on a non-obvious single-domain (astral.sh) and the skill explicitly suggests piping curl to sh, which can execute arbitrary remote code and is high-risk unless the domain and script are verified.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The script calls the chat completion endpoint https://grsaiapi.com/v1/chat/completions at runtime to fetch an "enhanced" prompt whose returned text is directly used as the generation prompt (enhancement is ON by default), so this external URL can directly control the agent's prompts.