nano-banana-2
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. \n
- Ingestion points: User-provided prompt strings and image URLs are passed to the model via the
infshCLI tool inSKILL.md. \n - Boundary markers: The instructions lack delimiters or specific directives to ignore instructions embedded in the external content. \n
- Capability inventory: The skill uses the
Bash(infsh *)tool, which can execute various platform commands. \n - Sanitization: No validation or sanitization is applied to the input data before processing. \n- [COMMAND_EXECUTION]: The skill relies on the
infshCLI for its core functionality, requiring permissions to execute anyinfsh-prefixed bash command as defined in theallowed-toolssection.
Audit Metadata