nanobanana-mcp-image-generation

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The installation instructions direct users to run uvx nanobanana-mcp-server@latest. This command downloads and executes the latest version of a package from a remote registry at runtime without integrity checks or version pinning.
  • [REMOTE_CODE_EXECUTION]: The skill relies on the nanobanana-mcp-server package, which is hosted in a repository (github.com/zhongweili/nanobanana-mcp-server) belonging to an untrusted individual rather than a recognized organization. Running this code via uvx grants it execution privileges on the user's system.
  • [DATA_EXFILTRATION]: The upload_file tool enables the agent to read local files from the filesystem and upload them to the Google Gemini Files API. While intended for image reference, this capability creates a significant surface for exfiltrating sensitive local data if the agent's logic is manipulated.
  • [COMMAND_EXECUTION]: The setup process requires manual execution of shell commands and configuration of MCP client JSON files, involving the handling of sensitive environment variables such as GEMINI_API_KEY and GCP_PROJECT_ID.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user prompts to drive image generation and editing. Because the skill has the combined capability to read files (upload_file), write files (generate_image via output_path), and perform network operations, it is susceptible to multi-step injection attacks aimed at unauthorized file access or data leakage.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 18, 2026, 04:38 PM