nano-banana
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8). The skill ingests untrusted user input via the 'prompt' parameter and processes it through an external API. 1. Ingestion points: The 'prompt' parameter in SKILL.md and associated code snippets. 2. Boundary markers: Absent; no delimiters are used to isolate user input. 3. Capability inventory: Network requests (requests.post, fetch) and File-write operations (Path.write_bytes, fs.writeFileSync). 4. Sanitization: Absent; no validation of prompt input or API-returned description text.
- [COMMAND_EXECUTION] (HIGH): The skill documentation provides functional code to write binary data from an external API directly to the local filesystem. This represents a significant risk if the untrusted API is compromised or manipulated via injection.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on 'api.eng0.ai', which is not a trusted external source. This introduces risks regarding data privacy and the integrity of the generated content.
- [PROMPT_INJECTION] (MEDIUM): Deceptive branding (Category 7). The skill identifies as 'Google Nano Banana', a non-existent Google product, which may mislead users or agents regarding its official support and safety standards.
Recommendations
- AI detected serious security threats
Audit Metadata