nanobanana-2-image-generation
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill makes requests to Google's Generative Language API to perform image generation and editing tasks.
  - Evidence: scripts/nanobanana-cli.js uses the global fetch API to communicate with https://generativelanguage.googleapis.com/v1beta/models/.
- [COMMAND_EXECUTION]: The skill uses a local Node.js script as a wrapper to execute generation workflows.
  - Evidence: scripts/nanobanana-cli.js is the primary execution tool for processing prompts and images.
- [DATA_EXFILTRATION]: User-provided prompts and local reference images are sent to Google's infrastructure for processing.
  - Evidence: The CLI script reads local files via fs.readFileSync and includes their Base64-encoded content in the JSON payload sent to the API.
- [PROMPT_INJECTION]: The CLI script includes logic to dynamically extract an output directory path from the user's natural language prompt.
  - Ingestion points: User prompt argument in scripts/nanobanana-cli.js.
  - Boundary markers: No explicit markers are used to isolate the path-extraction logic from adversarial prompt content.
  - Capability inventory: fs.mkdirSync and fs.writeFileSync are used in scripts/nanobanana-cli.js to create directories and write files based on inferred paths.
  - Sanitization: The script uses path.resolve and ignores strings that look like URLs, though it does not implement a strict whitelist of allowed directories. path.resolve only normalises a path; it does not confine it, so a prompt that contains "../" segments or an absolute path still resolves to a directory outside the intended output location.
Audit Metadata