nano-banana-2
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill includes instructions to download and execute a shell script from the author's official domain (https://cli.inference.sh). This script is used to install the necessary command-line interface for the skill's operations.\n- [EXTERNAL_DOWNLOADS]: During setup, the skill fetches binary files and checksums from the vendor's distribution server (dist.inference.sh). This is a standard procedure for installing the required CLI tool.\n- [COMMAND_EXECUTION]: The skill utilizes the
infshcommand-line tool. Access to execute shell commands is restricted to this specific binary by theallowed-toolsconfiguration in the skill's frontmatter.\n- [PROMPT_INJECTION]: The skill ingests user-provided text as part of its image generation capability, posing a surface for indirect prompt injection.\n - Ingestion points: The
promptandimagesparameters are interpolated into shell commands.\n - Boundary markers: Inputs are encapsulated within a JSON structure passed to the CLI tool's
--inputflag.\n - Capability inventory: The skill is restricted to running Inference.sh applications via the local CLI tool.\n
- Sanitization: Relies on the vendor CLI's ability to safely process JSON-formatted command-line inputs.
Audit Metadata