nano-banana-pro-image-gen
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGH [COMMAND_EXECUTION] [DATA_EXFILTRATION] [EXTERNAL_DOWNLOADS]
Full Analysis
- [COMMAND_EXECUTION]: The command templates provided in SKILL.md (e.g., node scripts/generate_image.js -p "{prompt}") directly interpolate user-provided text into shell commands. This creates a high risk of command injection if the user input contains shell metacharacters like semicolons or pipes.
- [DATA_EXFILTRATION]: The scripts scripts/generate_image.js and scripts/generate_image.py accept arbitrary file paths via the -i/--input-image parameter. The code reads these files, encodes them to Base64, and transmits them to an external API (api.apiyi.com) without verifying that the files are actually images. This allows an attacker to exfiltrate sensitive local data such as SSH keys or environment files by tricking the agent into using those paths as inputs.
- [EXTERNAL_DOWNLOADS]: The skill transmits data to https://api.apiyi.com. This domain is not on the list of trusted organizations or well-known services, and its use for handling potentially sensitive file content increases the risk profile of the skill.
Recommendations
- AI detected serious security threats