nanobanana
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The SKILL.md documentation provides a command to install the 'uv' package manager via a remote shell script from astral.sh, which is the official domain of a recognized and well-known technology provider in the Python ecosystem.
- [EXTERNAL_DOWNLOADS]: The skill retrieves official dependencies including the 'google-genai' library from standard registries and suggests the use of the 'uv' tool to manage these downloads.
- [COMMAND_EXECUTION]: Image generation and batch processing are performed by executing local Python scripts through the 'uv' runtime, which manages the environment and execution context.
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface as it accepts and processes user-provided text prompts for image generation. * Ingestion points: The 'PROMPT' argument and 'input_path(s)' in 'scripts/generate.py' and 'scripts/batch_generate.py'. * Boundary markers: Absent; user prompts are passed directly to the model without delimiters. * Capability inventory: 'scripts/generate.py' has filesystem write access to the '~/Downloads' directory and network access to the Google Gemini API. * Sanitization: Absent; while the skill performs basic file format validation, it does not apply content filtering or sanitization to the input prompt strings.
Audit Metadata