nanobanana-skill
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses official and well-known libraries (google-genai, Pillow, python-dotenv) for its core functionality.
- [DATA_EXPOSURE_AND_EXFILTRATION]: While the script reads an API key from
~/.nanobanana.env, this is a standard configuration practice for local tools. The key is only used to authenticate with the official Google Gemini API and is not sent to any unauthorized third-party domains. - [COMMAND_EXECUTION]: The skill instructions involve running a local Python script (
nanobanana.py) with user-provided arguments. The script uses theargparsemodule to safely handle command-line inputs, and there is no evidence of shell injection or unsafe subprocess execution. - [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided prompts and images to generate AI content. While it ingests untrusted data, it lacks capabilities that would allow an attacker to escalate privileges or execute dangerous system commands via the prompt (Category 8 surface exists but is not exploitable).
Audit Metadata