nano-banana-image
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill documentation specifies reading and writing API keys to a local configuration file (~/.config/nano-banana-image/config.json) and performing network requests via urllib.request. While necessary for the skill's function, this combines sensitive file access with external network communication.
- [COMMAND_EXECUTION] (LOW): The skill relies on the execution of a local script, scripts/generate_image.py, which contains the functional logic but is not included in the source files for review.
- [PROMPT_INJECTION] (LOW): (Indirect Prompt Injection) The skill ingests arbitrary user text as image descriptions, which are then interpolated into API requests without documented sanitization. 1. Ingestion point: The 'description' argument in scripts/generate_image.py. 2. Boundary markers: None documented in SKILL.md. 3. Capability inventory: Local file system access and network request capabilities. 4. Sanitization: No sanitization or filtering logic is described.
Audit Metadata