visual-design
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The file image-generation.md recommends downloading standalone binaries from https://github.com/Factory-AI/nanobanana-cli/releases. The organization Factory-AI is not on the trusted list, and executing unverified binaries from the internet is a major security risk.
- REMOTE_CODE_EXECUTION (MEDIUM): The skill requires installing @factory/nanobanana via NPM. Since this package and organization are not trusted, there is a risk of remote code execution during the installation or at runtime through the CLI.
- COMMAND_EXECUTION (MEDIUM): The presentations.md file describes features of Slidev, such as monaco-run for executable code blocks and Vue component rendering. This represents dynamic execution of code within the presentation environment, which could be abused if malicious input is injected into the markdown source.
- INDIRECT_PROMPT_INJECTION (LOW): The skill possesses a significant attack surface for indirect injection.
  - Ingestion points: User-provided text prompts for image generation (image-generation.md) and slide content creation (presentations.md).
  - Boundary markers: Absent; there are no instructions to the agent to ignore instructions embedded in the user's design requests.
  - Capability inventory: Execution of CLI tools (nanobanana, slidev) and file system writes to ./nanobanana-output/ and slides.md.
  - Sanitization: Absent; the skill does not mention any validation or escaping of user input before passing it to the command line.
- DATA_EXPOSURE (LOW): The slidev --remote command allows for remote presentation access. If enabled without proper authentication on insecure networks, it could expose the presentation content and associated local assets.
Recommendations
- AI detected serious security threats
Audit Metadata