nanobanana-skill
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes user-provided strings and image files which are passed to the Gemini API, creating a vulnerability surface where malicious instructions could influence the model behavior.
  - Ingestion points: User-specified `--prompt` and `--input` files.
  - Boundary markers: None identified in the provided instructions or script usage.
  - Capability inventory: The skill uses `Bash(python3:*)` to execute its primary logic.
  - Sanitization: No input sanitization or validation is mentioned.
- [Unverifiable Dependencies] (LOW): The skill relies on external Python packages (`google-genai`, `Pillow`, `python-dotenv`) installed via pip at runtime.
- [Data Exposure] (LOW): The skill documentation points to `~/.nanobanana.env` as a location for storing the `GEMINI_API_KEY`. Storing secrets in plain-text environment files in a predictable home-directory path is a minor data exposure risk.
- [Command Execution] (LOW): The skill utilizes the bash tool to execute a local Python script, which is the intended mechanism for its operation.
Audit Metadata