nanobanana-skill
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the official `google-genai` library to interact with Google's services. All external dependencies (Pillow, python-dotenv, httpx) are standard, well-maintained packages from the official PyPI registry.
- [SAFE]: Sensitive information (GEMINI_API_KEY) is handled via environment variables or a local hidden file (`~/.nanobanana.env`), which is a standard security practice to avoid hardcoding credentials.
- [SAFE]: Command execution is limited to running the included Python script. The script uses `argparse` for safe argument parsing and does not employ dangerous functions like `eval()` or `os.system()` on raw user input.
- [SAFE]: File system operations are restricted to reading input images provided by the user and saving the generated output to a specified or auto-generated path.
Audit Metadata