nano-banana-pro
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION] (HIGH): High risk of Indirect Prompt Injection through untrusted external data.
- Ingestion points: Untrusted image data enters the context via the
--input-imageargument inscripts/generate_image.py. - Boundary markers: Absent. The script does not use any delimiters or specific instructions to the model to ignore potential instructions embedded in the image content or metadata.
- Capability inventory: The skill possesses file-read capabilities (
PILImage.open) and file-write capabilities (image.save) withinscripts/generate_image.py. - Sanitization: No sanitization, filtering, or validation is performed on the input image before it is processed by the model.
- [CREDENTIALS_UNSAFE] (MEDIUM): Insecure API key handling.
- The
SKILL.mddocumentation and thescripts/generate_image.pyscript support passing API keys as command-line arguments (--api-key). This practice is unsafe as it can expose secrets in shell history, process monitors, and system logs. - [EXTERNAL_DOWNLOADS] (LOW): Use of external library dependencies.
- The script requires
google-genaiandpillow. While these are from trusted sources (googleand the established Python Imaging Library community), which downgrades the severity per [TRUST-SCOPE-RULE], they still represent an external dependency surface.
Recommendations
- AI detected serious security threats
Audit Metadata