Skills
skills/inference-sh/agent-skills/nano-banana/Gen Agent Trust Hub

nano-banana

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill is configured to use the Bash tool exclusively for the infsh command (allowed-tools: Bash(infsh *)). This restricts the agent's capability to the vendor's specific toolset.
  • [EXTERNAL_DOWNLOADS]: The skill references an installation script on GitHub (https://raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md) and documentation on the vendor's domain (inference.sh). These resources belong to the skill's author (inference-sh) and are used for legitimate setup purposes.
  • [DATA_EXFILTRATION]: The skill facilitates the transmission of user-provided text prompts and image URLs to the inference.sh API. This is the intended core functionality for image generation and editing and does not involve the exfiltration of sensitive local data.
  • [PROMPT_INJECTION]: The skill acts as an interface for an external image generation model, creating an attack surface for indirect prompt injection via user-supplied prompts.
  • Ingestion points: User-provided prompt and images parameters passed to the infsh app run command in SKILL.md examples.
  • Boundary markers: The skill uses JSON structures (--input '{"prompt": "..."}') to provide structural separation for user input.
  • Capability inventory: Capabilities are limited to executing the infsh CLI; the skill does not have access to sensitive files or general system commands.
  • Sanitization: The skill relies on the safety filters of the underlying Google Gemini image models and the vendor's API.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 09:11 AM