nano-banana

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the belt CLI tool to perform image generation tasks. Its capabilities are explicitly limited in the YAML frontmatter using the allowed-tools field, restricting execution to only the belt command.
  • [EXTERNAL_DOWNLOADS]: The documentation includes links to installation scripts and related utility skills hosted on official GitHub repositories and package registries associated with the inference.sh platform. These are documented as standard setup procedures for the toolset.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests user-provided text prompts which are passed to the remote AI models for image generation. This represents the primary functionality of the skill, and the surface area for malicious exploitation is minimal as the content is processed by the external model provider's safety layers.
  • Ingestion points: The prompt field in JSON payloads for belt app run commands (e.g., SKILL.md).
  • Boundary markers: Not explicitly defined in the prompt interpolation examples.
  • Capability inventory: Limited to running the belt CLI as defined in allowed-tools.
  • Sanitization: Not performed within the skill; relies on the underlying platform's safety filters.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 04:46 PM