banana-proxy
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits the user-provided `LNAPI_KEY` and prompt content to a third-party proxy endpoint at https://lnapi.com. While this is the intended purpose of the skill, users should be aware that their credentials and data are shared with this specific external service.
- [COMMAND_EXECUTION]: The script `scripts/main.ts` performs file system operations, including recursive directory creation (`mkdir`) and file writing (`writeFile`), based on user-controlled CLI arguments for output paths. This allows the agent to write files to the local system.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection due to how it processes input data.
  - Ingestion points: Prompts are ingested via CLI arguments, concatenated from local files using the `--promptfiles` flag, or read from standard input in `scripts/main.ts`.
  - Boundary markers: Absent; prompt strings are interpolated directly into the API request body without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill has network access (via `fetch` in `scripts/providers/google.ts`) and file system write access (in `scripts/main.ts`).
  - Sanitization: No sanitization, filtering, or validation is performed on the prompt content before it is sent to the image generation model.
Audit Metadata