nano-banana

This skill is a documentation wrapper around the inference.sh CLI to access Gemini image models. The functionality described (text-to-image, image editing) reasonably requires a CLI and network access. The primary security concerns are supply-chain and third-party trust: the Quick Start encourages a pipe-to-shell installer (curl | sh) and the CLI and binaries are hosted on inference.sh/dist.inference.sh rather than using a direct official Google integration. That means prompts, images, and authentication flow through a third-party service; users must trust that service's handling of credentials and data. There is no direct evidence of malicious code in this README-like skill file, but the download-and-execute pattern plus routing of sensitive inputs through an intermediary raise medium-to-high supply-chain and data-exposure risk. Recommend: avoid pipe-to-shell installs, require pinned/verifiable releases, clarify authentication flows (OAuth vs. inference.sh account), and document data retention and endpoints. If the user cannot trust inference.sh, do not use this skill.