The Agent Skills Directory

[DATA_EXPOSURE]: The skill reads from ~/.nanobanana.env to retrieve the GEMINI_API_KEY. While this involves accessing a sensitive path, it is a standard and recommended practice for secure configuration and is restricted to the skill's primary functionality.
[INDIRECT_PROMPT_INJECTION]: The skill accepts user-provided text as a prompt and processes local image files, which are common surfaces for indirect injection attacks targeting the underlying AI model. The impact is minimized as it relates to image generation and does not involve executing shell commands with user data.
Ingestion points: User-supplied text via the --prompt argument and local files via the --input flag in nanobanana.py.
Boundary markers: No explicit delimiters or instructions are used to separate the user prompt from model instructions in the API request.
Capability inventory: The skill is authorized to use Bash(python3:*) to run its internal scripts.
Sanitization: No sanitization or validation is applied to the prompt string before it is sent to the Google Gemini API.

nanobanana-skill