nano-banana
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute infsh commands, which is the primary mechanism for interacting with the inference.sh platform.
- [EXTERNAL_DOWNLOADS]: The documentation references the official inference.sh CLI tool and associated skills as external dependencies. These are hosted by a known service provider and are essential for the skill's intended functionality.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. (1) Ingestion points: User-provided prompts are passed as arguments to the infsh app run command. (2) Boundary markers: The input is structured as a JSON object within the command-line arguments. (3) Capability inventory: The skill has access to the infsh CLI via the system shell. (4) Sanitization: No explicit sanitization or validation of the prompt content is described in the skill configuration, relying on the underlying tool and agent logic.
Audit Metadata