Skills
skills/inference-sh-3/skills/nano-banana/Gen Agent Trust Hub

nano-banana

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to install a CLI tool using the command curl -fsSL https://cli.inference.sh | sh, which pipes a remote script from the vendor's domain directly to a shell for execution.
  • [EXTERNAL_DOWNLOADS]: During setup, the skill fetches binary distributions and verification checksums from the vendor's domain at dist.inference.sh.
  • [COMMAND_EXECUTION]: The skill relies on executing the infsh utility via the system bash shell to process image generation and search tasks.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by processing arbitrary user-provided text prompts and external image URLs.
  • Ingestion points: The prompt string and images URL array passed via the --input flag in SKILL.md.
  • Boundary markers: Absent; user-controlled data is interpolated directly into command-line arguments without delimiters or guardrail instructions.
  • Capability inventory: Performs shell command execution (infsh) and network-based image processing as defined in SKILL.md.
  • Sanitization: No input validation or URL sanitization is implemented for the data processed by the models.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 25, 2026, 01:02 AM