nano-banana-pro
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted user input (text prompts and images) which are forwarded to the Gemini API.
- Ingestion points: The script
scripts/generate_image.pyaccepts user-defined values for the--promptand--input-imagearguments. - Boundary markers: No delimiters or explicit safety instructions are applied to the user input before it is sent to the model.
- Capability inventory: The skill utilizes network access to communicate with Google's API and has the capability to write files to the local disk using the Pillow library.
- Sanitization: There is no evidence of input validation or sanitization for the prompt strings.
- [EXTERNAL_DOWNLOADS]: The skill depends on 'google-genai' and 'pillow', which are well-known and trusted packages from established organizations.
- [DATA_EXPOSURE]: No hardcoded credentials or secrets were detected. The skill correctly implements a hierarchy for API key retrieval from command arguments or environment variables.
Audit Metadata