nano-banana
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a bundled Python script (
scripts/nb.py) to facilitate image generation tasks. This script performs routine file system operations, such as reading input images and writing generated PNG files to paths specified by the user or agent. - [DATA_EXFILTRATION]: The skill transmits user-provided text prompts and base64-encoded image data to the OpenRouter API (
openrouter.ai). This communication is necessary for the skill's primary function and targets a well-known technology service. - [CREDENTIALS_UNSAFE]: The implementation securely retrieves the
OPENROUTER_API_KEYfrom environment variables, adhering to standard practices for secret management and avoiding hardcoded credentials.
Audit Metadata