nano-banana
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
beltCLI tool to perform image generation tasks. Its capabilities are explicitly limited in the YAML frontmatter using theallowed-toolsfield, restricting execution to only thebeltcommand. - [EXTERNAL_DOWNLOADS]: The documentation includes links to installation scripts and related utility skills hosted on official GitHub repositories and package registries associated with the inference.sh platform. These are documented as standard setup procedures for the toolset.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests user-provided text prompts which are passed to the remote AI models for image generation. This represents the primary functionality of the skill, and the surface area for malicious exploitation is minimal as the content is processed by the external model provider's safety layers.
- Ingestion points: The
promptfield in JSON payloads forbelt app runcommands (e.g., SKILL.md). - Boundary markers: Not explicitly defined in the prompt interpolation examples.
- Capability inventory: Limited to running the
beltCLI as defined inallowed-tools. - Sanitization: Not performed within the skill; relies on the underlying platform's safety filters.
Audit Metadata