Skills
skills/joshp123/ai-stack/nanobanana/Gen Agent Trust Hub

nanobanana

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the nanobanana CLI via a shell command. \n
  • Evidence: nanobanana <image-path> "<prompt>" [output-path] in SKILL.md.\n- [CREDENTIALS_UNSAFE]: The skill references a specific filesystem path for a sensitive API key. \n
  • Evidence: Mentions usage of /run/agenix/gemini-api-key for the GEMINI_API_KEY in SKILL.md.\n- [PROMPT_INJECTION]: The skill incorporates untrusted user input directly into a command-line instruction, creating an attack surface for indirect prompt injection. \n
  • Ingestion points: User-provided edit prompt and image paths entering via the agent context. \n
  • Boundary markers: Double quotes are used for the <prompt> argument, but none are specified for <image-path> or [output-path]. \n
  • Capability inventory: Shell command execution via bash (Category 4/10 behavior). \n
  • Sanitization: No explicit sanitization or validation of input paths or prompt content is mentioned in the skill instructions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 26, 2026, 08:11 AM