nano-banana-app-store-campaign

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs legitimate App Store Optimization tasks, including codebase analysis and image generation. Behavior is consistent with its stated purpose.
  • [COMMAND_EXECUTION]: The skill executes local Python scripts (scripts/normalize_app_store_exports.py and scripts/build_contact_sheet.py) to handle image processing. These scripts use the standard Pillow library and do not perform any dangerous system or network operations.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it reads untrusted data from the user's codebase (as instructed in Step 1 of SKILL.md).
      • Ingestion points: Codebase and assets are read to derive branding cues.
      • Boundary markers: None identified between codebase content and agent instructions.
      • Capability inventory: Image generation via external API and local script execution.
      • Sanitization: No specific sanitization of the extracted codebase content is noted.
      • This surface is considered a low risk and is a necessary part of the skill's primary analytical function.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 04:59 PM