Skills
skills/doany-ai/skills/nano-banana-2/Gen Agent Trust Hub

nano-banana-2

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Recommends the installation of the @runcomfy/cli package from the official NPM registry to provide the environment needed to interact with the RunComfy API.
  • [COMMAND_EXECUTION]: Invokes the runcomfy command-line interface to perform image generation tasks based on user-provided parameters.
  • [DATA_EXFILTRATION]: User-provided prompt data is transmitted to the service's official API at model-api.runcomfy.net to fulfill the image generation request.
  • [PROMPT_INJECTION]: The skill handles untrusted user input for image prompts. It mitigates injection risks by passing inputs as JSON strings to the CLI, ensuring they are not interpreted as shell commands. Ingestion points: user-supplied prompt values in SKILL.md examples. Boundary markers: JSON structure via the --input argument. Capability inventory: subprocess calls to the runcomfy CLI. Sanitization: use of JSON stringification to isolate prompt content from the shell execution environment.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 02:24 PM