nano-banana-pro

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses the official google-genai SDK and pillow for image processing, both of which are standard and well-maintained libraries.
  • [SAFE]: Sensitive data such as the GEMINI_API_KEY is handled appropriately through environment variables or command-line arguments, with no evidence of hardcoded credentials.
  • [SAFE]: File operations are restricted to the local filesystem for reading input images and writing the generated output, which is the primary intended function of the skill.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data including user-provided text prompts and images. While it lacks explicit boundary markers or sanitization, this is standard for image generation tools and the security responsibility primarily lies with the upstream AI model's safety filters.
      1. Ingestion points: generate_image.py (via --prompt and --input-image).
      2. Boundary markers: Absent.
      3. Capability inventory: File system access (read/write), network access (Google API).
      4. Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 05:14 AM