nano-banana
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides an installation command
curl -fsSL https://cli.inference.sh | shthat downloads and executes a shell script. This script originates from the vendor's official domain (inference.sh) and is a standard method for installing theinfshCLI tool. The skill includes a note explaining the script's behavior, which includes OS detection and checksum verification. - [COMMAND_EXECUTION]: The skill instructions involve executing the
infshcommand to interact with image generation models. The execution environment is restricted via theallowed-toolsmetadata, which limits the agent to using only the specific vendor tool (infsh).
Audit Metadata