nano-banana-2
Warn
Audited by Snyk on May 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required runtime workflow is
belt app run ... --input ..., where the user-suppliedprompt/images(including possible arbitrary URLs) are sent to the Gemini app and thus become LLM context; this is outsider free text because it originates from the operating user’s input rather than the skill’s bundled reference material.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill invokes the inference.sh platform at runtime (e.g., via
belt app runor the inferencesh SDK) — https://inference.sh — which executes a remote app (google/gemini-3-1-flash-image-preview) to produce outputs, so external code is run and controls the agent's behavior.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata