nano-banana

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill instructs users and the agent to install an extension from an unverified GitHub organization (gemini-cli-extensions). This repository is not part of the trusted list and represents a significant supply chain risk.
  • REMOTE_CODE_EXECUTION (HIGH): The installation process for the nanobanana extension involves downloading and executing remote code via the gemini extensions install command. When combined with instructions to use the --yolo flag, this allows for unprompted execution of third-party code.
  • COMMAND_EXECUTION (MEDIUM): The instructions explicitly mandate the use of the --yolo flag for all operations. This flag is designed to suppress user confirmation prompts for tool actions, effectively removing the human-in-the-loop security boundary and allowing potentially malicious commands to run without oversight.
  • METADATA_POISONING (LOW): The README references a package @anthropic-ai/gemini-cli. This appears to be a misleading package name, as Gemini is a Google product and the provided link points to the google-gemini repository. This could lead to the installation of a typosquatted or malicious npm package.
  • PROMPT_INJECTION (LOW): The skill uses assertive language in its metadata ('REQUIRED for all image generation requests', 'ALWAYS use this skill') which attempts to override the agent's internal logic for tool selection.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 19, 2026, 02:08 PM