
nanobanana-skill

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Flagged categories: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected.
      • Ingestion points: User-provided text via the --prompt argument and input files via the --input argument in nanobanana.py.
      • Boundary markers: None. Input is passed directly to the Gemini API contents.
      • Capability inventory: File system read/write via PIL.Image and network access to Google Gemini API (with Google Search tool enabled).
      • Sanitization: No sanitization or validation of the prompt or input image contents is performed before being processed by the LLM.
  • [DATA_EXFILTRATION] (LOW): The script reads sensitive configuration from ~/.nanobanana.env. While this is for authentication, the --input parameter allows the agent to attempt to read arbitrary local files. Although PIL.Image.open is restricted to image formats, error messages or model 'thoughts' (enabled in the script) could potentially leak information about file existence or content if mismanaged.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:22 PM