nanobanana-image
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by accepting untrusted user prompts and image data which are subsequently forwarded to the Google Gemini API for processing.\n
- Ingestion points: The
promptpositional argument and-i/--inputfile paths inscripts/generate_image.py.\n - Boundary markers: Absent. User-provided strings are interpolated directly into the JSON request body without delimiters or framing to distinguish user content from system instructions.\n
- Capability inventory: The script performs network POST requests to
generativelanguage.googleapis.com(a well-known service) and writes binary image files to the local file system as seen inscripts/generate_image.py.\n - Sanitization: Absent. There is no validation or escaping of the prompt string before it is transmitted to the remote model.
Audit Metadata