nano-banana

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to ask for a Google API key and to pass user-provided keys via a --api-key command-line argument (or embed them in conversation), which requires the LLM to receive and output secret values verbatim, creating an exfiltration risk.