nano-banana-2

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates image generation by executing the runcomfy CLI tool with structured JSON input. The documentation explicitly notes that the CLI avoids shell expansion to mitigate command injection risks.
  • [EXTERNAL_DOWNLOADS]: The skill references the installation of the @runcomfy/cli package and specifies that generated assets are downloaded from authorized vendor domains, including *.runcomfy.net and *.runcomfy.com.
  • [CREDENTIALS_UNSAFE]: The skill provides instructions for standard, secure secret management, recommending the use of environment variables (RUNCOMFY_TOKEN) or owner-restricted configuration files (~/.config/runcomfy/token.json) rather than hardcoding credentials.
  • [DATA_EXFILTRATION]: Outbound network operations are transparently documented as limited to the author's official API endpoints for request submission and asset retrieval.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 18, 2026, 02:04 PM