nano-banana

Fail

Audited by Socket on Mar 18, 2026

1 alert found:

Malware: HIGH
SKILL.md

SUSPICIOUS. The skill's capabilities broadly match its stated purpose, but its trust model is weak: it installs and executes a personal GitHub repo with local dependency resolution, then asks the user to store and supply a Gemini API key to that code. No obvious exfiltration or proxy routing is documented, so this is not confirmed malware, but the install path and credential forwarding make it a medium-risk skill.

Confidence: 78%
Severity: 62%

Audit Metadata

Analyzed At: Mar 18, 2026, 12:48 AM
Package URL: pkg:socket/skills-sh/kingbootoshi%2Fnano-banana-2-skill%2Fnano-banana%2F@d11ce0c8c2db92853b426cecccb930e08e4c5c12