nano-banana-imagegen

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates image generation by executing the @the-focus-ai/nano-banana CLI tool from the command line.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx to download and run the @the-focus-ai/nano-banana package from the NPM registry.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface that could lead to command injection. Ingestion points: User-supplied text for <prompt> and <edit instruction> is accepted in SKILL.md. Boundary markers: The skill suggests wrapping inputs in double quotes (e.g., "<prompt>"), which is insufficient to prevent shell expansion attacks (e.g., using backticks or $(...)). Capability inventory: The skill uses terminal command execution via npx. Sanitization: There is no documented validation or escaping of the user-provided prompt strings before they are passed to the shell environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 11:53 AM
Security Audit — agent-trust-hub — nano-banana-imagegen