nano-banana-2
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation process involves executing a remote script from https://cli.inference.sh directly in the shell. This pattern is dangerous as it allows the remote server to execute arbitrary code on the system without prior verification.
- [EXTERNAL_DOWNLOADS]: The skill downloads a CLI binary from dist.inference.sh during its setup phase.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute infsh commands, which grants the agent the ability to run local processes.
- [PROMPT_INJECTION]: The skill demonstrates an unsafe pattern by interpolating user-controlled input into a bash command string. This creates an indirect prompt injection surface where a malicious input could potentially lead to command injection. Ingestion points: prompt input in SKILL.md. Boundary markers: None present in the command template. Capability inventory: Bash tool execution in SKILL.md. Sanitization: No sanitization or escaping of the user-provided prompt is performed before it is passed to the shell.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata