nanobanana-image-generation
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The scripts
scripts/generate_image.pyandscripts/generate_image.jsdefault to usinghttps://api.zhizengzeng.com/googleas the API endpoint. This results in theNANOBANANA_API_KEYbeing transmitted to a third-party service rather than the official Google Gemini API, creating a risk of credential interception. - [DATA_EXFILTRATION]: User-provided prompt text and local image files (read and encoded as base64) are transmitted to a third-party endpoint (
api.zhizengzeng.com) that is not part of the trusted vendors list or a well-known service. - [PROMPT_INJECTION]: The skill uses templates to generate materials-science figures that are susceptible to indirect prompt injection.
- Ingestion points: User-provided scientific background text via the positional prompt argument in
scripts/generate_image.pyandscripts/generate_image.jsis inserted directly into figure templates. - Boundary markers: Absent. User input is formatted into the prompt string without delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill performs network requests to external APIs and writes generated images and text to the local file system in
./output/nanobanana/. - Sanitization: Absent. There is no validation or escaping of the user-provided text before it is interpolated into the final instruction sent to the LLM.
Audit Metadata