Nano Banana Image Generation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on the npm package @the-focus-ai/nano-banana, which is downloaded and executed at runtime. This package is not from a trusted organization as defined in the security guidelines.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The use of npx to run an external package allows for the execution of arbitrary code from a remote registry. Without a locked version or a trusted source, this is a risk for remote code execution.
  • [COMMAND_EXECUTION] (LOW): The skill guides the agent to execute shell commands using the nano-banana CLI. This is a standard functional requirement but requires careful handling of user input.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted user data within shell commands.
      • Ingestion points: User-provided text prompts and file paths for image processing.
      • Boundary markers: Prompt templates use double quotes (e.g., ""), which is insufficient to prevent command injection or payload execution if the input contains escaped characters.
      • Capability inventory: The agent executes shell commands via npx and has access to local files via the --file and --output flags.
      • Sanitization: No sanitization, validation, or escaping of user-provided content is performed before interpolation into the command line.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:39 PM