nano-banana

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs running commands that print the GEMINI_API_KEY (echo $GEMINI_API_KEY | head -c 10) and to write/handle API keys directly in /etc/profile, which requires exposing secret characters verbatim and creates an exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs modifying system-wide files (e.g., echo 'export GEMINI_API_KEY="..."' >> /etc/profile), writing to /var paths, and installing packages — actions that require or encourage elevated privileges and change the machine's state, so it should be flagged.