nano-banana-pro

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly accepts and prioritizes a --api-key argument (and says to use it if the user provided the key in chat), which encourages the LLM to include API key values verbatim on the command line, creating an exfiltration risk.