nano-banana
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill directs the agent to install a CLI extension from 'https://github.com/gemini-cli-extensions/nanobanana'. This organization is not on the trusted sources list. Installing extensions from untrusted repositories is a high-risk action that can lead to remote code execution.
- COMMAND_EXECUTION (HIGH): The skill mandates the use of the '--yolo' flag for all operations, which is explicitly defined to 'automatically approve all tool actions (no confirmation prompts)'. This intentionally disables the 'human-in-the-loop' safety mechanism for executing bash commands.
- COMMAND_EXECUTION (HIGH): The skill is vulnerable to shell command injection. User-provided strings are interpolated directly into bash commands using simple single quotes (e.g.,
gemini --yolo "/generate 'prompt'"). A malicious user could escape the quote (e.g.,'; rm -rf /; ') to execute arbitrary commands with the agent's privileges. - PROMPT_INJECTION (MEDIUM): The skill uses aggressive, overriding language ('REQUIRED', 'ALWAYS use', 'Do NOT attempt... any other method') designed to force the agent to prioritize this skill over its default tools or safety guidelines.
- DATA_EXPOSURE (LOW): The skill documentation includes commands to check for the presence of the 'GEMINI_API_KEY' environment variable. While it does not explicitly exfiltrate the key, it draws attention to sensitive credentials.
Recommendations
- AI detected serious security threats
Audit Metadata