nano-banana
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The
scripts/search_grounded_image.pyscript utilizes Google Search grounding, which allows the model to fetch data from the live web. This creates a surface where instructions embedded in external web content could potentially influence the image generation process.\n - Ingestion points:
scripts/search_grounded_image.py(external data via thegoogle_searchtool)\n - Boundary markers: Absent; the user prompt is passed directly to the model configuration without explicit delimiters to separate it from search-grounded data.\n
- Capability inventory: The script performs file-write operations to save generated images via
PIL.Image.save().\n - Sanitization: Absent; the script relies on the Google GenAI SDK and the model's internal safety filters.\n- Prompt Injection (SAFE): No evidence of instructions designed to bypass safety filters or override system prompts was found in the skill's code or documentation.\n- Data Exposure & Exfiltration (SAFE): API keys are managed through environment variables (
GEMINI_API_KEY). File operations are restricted to reading/writing image files as requested by the user, with no unauthorized network activity detected.\n- Unverifiable Dependencies (SAFE): The dependencies listed inrequirements.txt(google-genai,Pillow,pyyaml) are standard and reputable libraries.\n- Dynamic Execution (SAFE): No instances ofeval(),exec(), or other dynamic code execution methods were found in the provided scripts.
Audit Metadata