nanobanana-skill

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill instructions involve executing a local Python script (nanobanana.py). Analysis of this script confirms it is limited to parsing command-line arguments, managing local image files, and interacting with the official Google Gemini API.
  • [DATA_EXPOSURE] (SAFE): The script manages sensitive credentials (GEMINI_API_KEY) by reading them from a configuration file (~/.nanobanana.env) or environment variables, which is a standard and acceptable practice. There is no evidence of hardcoded secrets or unauthorized data exfiltration.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill's dependencies, listed in requirements.txt, consist of reputable and widely used packages such as google-genai, Pillow, and python-dotenv. The google-genai package is maintained by a trusted organization (Google).
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill possesses an ingestion surface via the --prompt and --input arguments. While these allow untrusted data to enter the agent context, the impact is confined to the content of the generated or edited image, posing minimal risk to the host system.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:53 PM