nano-banana-openrouter
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The script sends data (prompts and images) to openrouter.ai. This is the intended behavior for the skill, but since the domain is not in the predefined trusted scope, it is noted as a low-severity finding.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted input which could contain malicious instructions.
- Ingestion points: User-provided strings via the --prompt argument and image data via the --input-image path.
- Boundary markers: Absent; inputs are passed directly to the model request without delimiters or instructions to ignore embedded commands.
- Capability inventory: The script has the capability to read any file the user has access to (via --input-image), write to the local filesystem (via --filename), and communicate over the network.
- Sanitization: No sanitization is performed on the input prompt or image data before being sent to the remote API.
Audit Metadata