nano-banana-image-editor

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • CREDENTIALS_UNSAFE (MEDIUM): The setup-gemini-token.py script takes the Gemini API key as a command-line argument, which can be exposed in shell history or process lists. The key is subsequently stored in plain text in a .nano-banana-config.json file at ../../../../, which is outside the skill's directory and potentially accessible to other system components.
  • PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection. Mandatory Evidence Chain: 1. Ingestion points: prompt argument in scripts/create_image.py and scripts/edit_image.py. 2. Boundary markers: Absent. 3. Capability inventory: Network access (Gemini API) and file system write (output image). 4. Sanitization: Absent.
  • EXTERNAL_DOWNLOADS (SAFE): The install_dependencies.sh script uses pip to install google-genai and Pillow. These are reputable packages from PyPI, and the downloads are considered safe under the TRUST-SCOPE-RULE.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 07:31 AM