nano-banana-pro
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the official 'google-genai' library from a trusted vendor (Google) for its core functionality.
- [SAFE]: The skill manages sensitive API keys through environment variables, avoiding hardcoded credentials.
- [SAFE]: User prompts are sanitized using regular expressions before being used in file system operations to prevent path traversal or invalid filename issues.
- [SAFE]: The capability to read local files via the '--reference' argument is a legitimate feature for image-to-image editing, and data is transmitted only to a trusted service (Google API).
- [PROMPT_INJECTION]: The skill processes user-supplied text and image references, which are then sent to an external model. This is a standard operation for image generation and does not bypass security controls.
Audit Metadata