nano-banana
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions utilize `curl -fsSL https://cli.inference.sh | sh`, which executes a remote script directly in the shell without any verification or oversight. This is a significant security risk as the remote script's content could be modified by an attacker to execute malicious code.
- [COMMAND_EXECUTION]: The skill is configured with `allowed-tools: Bash(infsh *)`, which permits the execution of any subcommand of the `infsh` CLI tool. This broad access could be abused if the tool itself has vulnerabilities or if it is used to perform unauthorized file system or network operations.
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection because it takes untrusted user input (prompts and image URLs) and passes them to an external CLI tool.
  - Ingestion points: The `prompt` and `images` parameters in the `infsh app run` commands.
  - Boundary markers: No delimiters or 'ignore instructions' warnings are present in the provided examples.
  - Capability inventory: The `infsh` tool can perform network requests to an external API and read local configuration or input files.
  - Sanitization: There is no evidence of input validation or sanitization before the data is interpolated into the command.
- [EXTERNAL_DOWNLOADS]: During installation, the skill's script downloads a binary from `dist.inference.sh`. This source is not included in the list of trusted vendors or well-known services, posing a risk of downloading unverified executable content.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata