nano-banana-pro
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOWCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (LOW): The script allows passing the Gemini API key via a command-line argument (
--api-key). This is a security anti-pattern as it can expose secrets in process listings (e.g.,ps aux) and shell history files.\n - Evidence:
get_api_keyfunction inscripts/generate_image.pyand usage instructions inSKILL.md.\n- [PROMPT_INJECTION] (LOW): The skill passes user-provided prompts directly to an external Image Generation API without sanitization. While the resulting image is simply saved to disk, an attacker could use this to attempt to bypass the underlying API's safety filters.\n - Evidence:
contents = args.promptinscripts/generate_image.py.\n- [INDIRECT_PROMPT_INJECTION] (LOW): The skill has an attack surface for indirect injection as it processes untrusted prompts and input images.\n - Ingestion points:
args.promptandargs.input_imageinscripts/generate_image.py.\n - Boundary markers: Absent in code; only soft guidance provided in
SKILL.mdtemplates.\n - Capability inventory: File system read (
PILImage.open), File system write (image.save), and Network access (google-genaiclient).\n - Sanitization: None detected. Severity is LOW as the output (a PNG file) has limited influence on downstream automated decisions.
Audit Metadata