muapi-nano-banana
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates untrusted user data into its core logic briefs.
- Ingestion points: User inputs provided via the --subject, --action, --context, and --text flags in the generate-nano-art.sh script.
- Boundary markers: The resulting prompt uses [REASONING_BRIEF] and [EXECUTE] tags, but does not include explicit instructions to disregard instructions within the user data.
- Capability inventory: The skill has the capability to generate images by invoking a core system script (generate-image.sh).
- Sanitization: There is no evidence of input validation, escaping, or filtering before inputs are concatenated into the prompt template.
- [COMMAND_EXECUTION]: The script scripts/generate-nano-art.sh uses a path traversal pattern to execute a dependency.
- Evidence: The script defines CORE_SCRIPT using a path that traverses four levels up (../../../../), which is an unconventional way to reference dependencies and could lead to execution of unintended files if the installation context is manipulated.
Audit Metadata