nano-banana-2

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple system commands, including curl, jq, base64, and node, to facilitate API communication, data extraction, and post-processing of images.
  • [COMMAND_EXECUTION]: It invokes a local Node.js script at ~/.claude/SASAMClaudeCodeSkills/nano-banana-2/1.1.0/scripts/post-process.js to perform image optimization and apply watermarks to generated content.
  • [EXTERNAL_DOWNLOADS]: The skill connects to Google's official Generative Language API (generativelanguage.googleapis.com) to transmit generation prompts and receive encoded image data.
  • [CREDENTIALS_UNSAFE]: User-provided Google AI Studio API keys are stored in a local configuration file at ~/.claude/skills/nano-banana-2/config.json. The skill implements best practices by storing these credentials outside the project directory and providing instructions for masking them during status checks.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to the interpolation of untrusted user input into shell commands.
    • Ingestion points: The USER_PROMPT variable is ingested directly from user input within SKILL.md.
    • Boundary markers: No specific boundary markers or escaping mechanisms are utilized when embedding the prompt into the curl command payload.
    • Capability inventory: The skill has the capability to execute shell commands and write files to the local system.
    • Sanitization: There is no evidence of input validation or sanitization for the prompt content prior to its inclusion in the shell-executed string.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 04:29 AM