nano-banana
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to execute a shell script from the vendor's domain (https://cli.inference.sh) via a pipe to the shell (curl | sh).
- [COMMAND_EXECUTION]: The skill requires the Bash tool to run the infsh CLI for image generation and login tasks.
- [EXTERNAL_DOWNLOADS]: The installation process downloads executable binaries from dist.inference.sh and verifies them with checksums.
- [PROMPT_INJECTION]: The skill processes user-supplied prompts which are passed to the CLI, representing an indirect prompt injection surface.
- Ingestion points: The prompt parameter in the JSON input to the infsh command.
- Boundary markers: Input is structured within a JSON object.
- Capability inventory: Bash tool permits execution of the infsh CLI.
- Sanitization: No explicit sanitization or filtering is described in the skill.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata