nano-banana
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user input via the
promptandimagesparameters within thebelt app runcommand. While this establishes an injection surface, it is limited to the functionality of the image generation app and does not grant unauthorized access to the system or sensitive data. (Ingestion points:promptandimagesfields in JSON input; Boundary markers: Absent; Capability inventory:Bash(belt *); Sanitization: Not explicitly implemented in prompt instructions). - [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill references external resources including an installation script and related skills from
inference.shon GitHub andnpx. These are documented as trusted references to well-known AI services and do not involve suspicious remote script piping or untrusted sources. - [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to executebeltCLI commands. This is the intended primary purpose of the skill and is appropriately scoped via theallowed-toolsfrontmatter.
Audit Metadata