emojigen-nano-banana
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-defined configurations that are interpolated into AI prompts.
  - Ingestion points: The skill reads from assets/example-config.json and user-supplied images.
  - Boundary markers: The prompt-building logic in scripts/emojigen.mjs lacks explicit delimiters, and it does not tell the model to disregard instructions embedded in user-provided fields such as characterNotes.
  - Capability inventory: The script can perform file operations and execute system commands.
  - Sanitization: No comprehensive sanitization is performed on text interpolated into the prompts.
- [COMMAND_EXECUTION]: The skill relies on external system binaries and official SDKs.
  - Evidence: It executes magick for image processing, pngpaste for clipboard tasks, and osascript for macOS-specific actions. It also utilizes the @google/genai library to interface with Google's AI services.
  - Risk: Commands are executed via spawn with hardcoded names, though the AppleScript for clipboard access is constructed by interpolating a file path into a script string.