nano-banana
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes documentation for a CLI utility that executes a local Python script using user-controlled input as arguments.
- [EXTERNAL_DOWNLOADS]: The skill references official Google API endpoints and documentation. These are trusted, well-known services used for their intended purpose.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) where user prompts are interpolated into shell commands.
- Ingestion points: User prompt argument in the CLI execution example in SKILL.md.
- Boundary markers: The example uses double quotes to wrap the prompt.
- Capability inventory: Execution of local Python scripts via the shell.
- Sanitization: No explicit sanitization or validation of the prompt string is mentioned.
Audit Metadata