nano-banana
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a shell script `scripts/generate_image.sh` that executes system commands such as `curl`, `mkdir`, and `python3` to coordinate the image generation workflow.
- [EXTERNAL_DOWNLOADS]: The script interacts with `generativelanguage.googleapis.com`, which is a well-known and trusted service provided by Google, to transmit generation requests and receive image data.
- [SAFE]: The skill's implementation follows industry-standard security patterns:
  - Input Sanitization: User prompts are passed through Python's `json.dumps()` within the shell script before being embedded in the API request body. This effectively mitigates risks of JSON payload manipulation or command injection from untrusted prompt content.
  - Secret Management: The documentation and script correctly instruct the user to provide the `GEMINI_API_KEY` via an environment variable, ensuring that sensitive API credentials are not hardcoded or exposed in the skill files.
  - Limited Scope: The skill's operations are strictly limited to the intended purpose of communicating with a trusted API and saving the resulting image file locally.
Audit Metadata