nano-banana
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill contains a vulnerability surface for indirect prompt injection through the
search_grounded_image.pyscript, which incorporates external search results into the prompt context. - Ingestion points: External web search data (via grounded search) and user-supplied image/text inputs.
- Boundary markers: None identified in the provided documentation or code snippets to separate external data from instructions.
- Capability inventory: Network access (Google API), file system write (saving generated images), and shell script execution.
- Sanitization: No sanitization or escaping of external search content is mentioned.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill requires
google-genaiandPillow.google-genaiis a package from the trusted organizationgoogle, andPillowis a standard, reputable library. No unknown or untrusted dependencies were detected. - [CREDENTIALS_UNSAFE] (SAFE): API keys are managed through the
GEMINI_API_KEYenvironment variable. No hardcoded credentials or secrets were found in the skill content.
Audit Metadata