nano-banana
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- Metadata Poisoning (MEDIUM): The skill is titled 'Google Nano Banana' and uses official-sounding descriptions, yet it routes data to an unofficial third-party domain 'api.eng0.ai'. This misleading metadata can cause users and agents to misjudge the trust level of the endpoint.
- Data Exposure & Exfiltration (LOW): The skill instructions involve sending user-provided prompts to a non-whitelisted external domain ('api.eng0.ai'). While not inherently malicious, it lacks the privacy guarantees of a trusted source.
- Indirect Prompt Injection (LOW): The skill processes responses from an external API, specifically the 'description' field, which is then incorporated into the agent's context. There are no boundary markers or sanitization steps to prevent the API from returning malicious instructions. Evidence Chain: 1. Ingestion points: External API response fields 'description' and 'image' (SKILL.md). 2. Boundary markers: Absent; no instructions provided to the agent to treat API output as untrusted. 3. Capability inventory: The skill documentation describes file writing capabilities (save_image) and network POST requests. 4. Sanitization: None; the provided code snippets directly process and save API data.
Audit Metadata