nanobanana-image-gen
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGH
Findings: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- Data Exfiltration (HIGH): The script scripts/generate_image.py contains a function upload_image_to_replicate that accepts arbitrary file paths via the --image-input argument. It reads the contents of these files using open(image_path, "rb") and immediately uploads them to Replicate's servers using client.files.create(f). This allows exfiltration of sensitive files (e.g., SSH keys, credentials, or configuration files) from the environment where the agent is running.
- External Downloads (LOW): The scripts/generate_image.py script uses the requests library to download content from arbitrary, user-supplied URLs in both the upload_image_to_replicate and generate_image functions. While intended for image processing, this can be used for Server-Side Request Forgery (SSRF) or for downloading malicious payloads.
- Indirect Prompt Injection (LOW): The skill possesses a surface for indirect prompt injection (Category 8).
  - Ingestion points: User-provided text prompts and image URLs processed in scripts/generate_image.py.
  - Boundary markers: None identified; input is passed directly to the model API.
  - Capability inventory: The script has the capability to read local files and perform network operations (upload/download).
  - Sanitization: No sanitization or validation of input paths or URLs is performed before processing.
Recommendations
- AI detected serious security threats