Skills
skills/delneg/nano-banana-pro-skill-grsai-com/nano-banana-pro-grsai/Gen Agent Trust Hub

nano-banana-pro-grsai

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The SKILL.md file recommends installing the uv tool using curl -LsSf https://astral.sh/uv/install.sh | sh. This 'pipe to shell' pattern is a high-risk practice as it executes unverified remote code directly in the terminal.
  • [EXTERNAL_DOWNLOADS] (LOW): The Python script makes network requests to grsaiapi.com and downloads files from external URLs provided by that API. These are not on the trusted whitelist.
  • [PROMPT_INJECTION] (LOW): The skill has an indirect prompt injection surface because it processes external API responses and local image files without sanitization, and has file-writing capabilities.
  • Ingestion points: args.input_image and API results in scripts/generate_image.py.
  • Boundary markers: None present.
  • Capability inventory: Network access via urllib and file writing to the local system.
  • Sanitization: No validation or escaping of API-returned content or URLs.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 18, 2026, 10:46 PM