nano-banana-imagegen
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates image generation by executing the
@the-focus-ai/nano-bananaCLI tool from the command line. - [EXTERNAL_DOWNLOADS]: The skill utilizes
npxto download and run the@the-focus-ai/nano-bananapackage from the NPM registry. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface that could lead to command injection. Ingestion points: User-supplied text for
<prompt>and<edit instruction>is accepted inSKILL.md. Boundary markers: The skill suggests wrapping inputs in double quotes (e.g.,"<prompt>"), which is insufficient to prevent shell expansion attacks (e.g., using backticks or $(...)). Capability inventory: The skill uses terminal command execution vianpx. Sanitization: There is no documented validation or escaping of the user-provided prompt strings before they are passed to the shell environment.
Audit Metadata