Skills
skills/leegonzales/aiskills/nano-banana/Gen Agent Trust Hub

nano-banana

Warn

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the setup of an MCP server by downloading the nanobanana-mcp or nano-banana-mcp packages directly from the npm registry.
  • [REMOTE_CODE_EXECUTION]: The skill uses the npx utility to dynamically download and execute external code on the host machine. This is used to run the MCP server that interfaces with Google's Gemini models.
  • [COMMAND_EXECUTION]: The skill provides specific shell command templates for using magick (ImageMagick) to perform image compositing and branding operations on local files.
  • [PROMPT_INJECTION]: The skill processes untrusted user prompts and editing instructions as part of its core image generation and modification workflow, creating a surface for indirect prompt injection.
  • Ingestion points: The prompt parameter in gemini_generate_image and the instructions parameter in gemini_edit_image and continue_editing.
  • Boundary markers: Absent. There are no delimiters or specific instructions provided to the agent to treat the user-supplied content as untrusted or to ignore embedded instructions.
  • Capability inventory: The skill possesses the capability to execute shell commands via npx and magick, and it writes generated files to the ~/Documents/nanobanana_generated/ directory.
  • Sanitization: No input validation or sanitization is performed on the prompt or instruction strings before they are passed to the underlying image generation tools.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 12, 2026, 03:29 AM