nano-banana-image-gen

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Python script (nano_banana_gen.py) via the command line to process image generation requests.
  • Evidence: python .claude/skills/nano-banana-image-gen/scripts/nano_banana_gen.py "プロンプトテキスト" in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of several standard Python libraries from the public Python Package Index (PyPI).
  • Evidence: pip install google-genai pillow python-dotenv in SKILL.md.
  • [DATA_EXFILTRATION]: The Python script transmits user-provided prompts and image data to Google's Gemini API for processing.
  • Evidence: client.models.generate_content(model="gemini-3.1-flash-image-preview", ...) in scripts/nano_banana_gen.py. Note: This targets a well-known cloud service provider.
  • [CREDENTIALS_UNSAFE]: The skill utilizes an environment variable (GEMINI_API_KEY) for authentication.
  • Evidence: The script loads credentials from a .env file using python-dotenv.
  • Security Practice: SKILL.md includes proactive instructions to configure settings.json with denyRead permissions for .env, preventing the AI agent from accessing the secret key directly.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 20, 2026, 05:43 AM