nano-banana
Warn
Audited by Snyk on Jul 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill explicitly requires and calls the inference.sh "belt" CLI (e.g., https://inference.sh and commands like "belt app run google/gemini-3-pro-image-preview"), which means it relies on that external service at runtime to execute remote apps/code.
Issues (1)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata