nano-banana-videogen

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill documentation correctly instructs users to store sensitive information like the GEMINI_API_KEY in environment variables or .env files, which is a standard and secure practice for local development tools.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the nano-banana CLI, which is distributed via a scoped NPM package @the-focus-ai/nano-banana. This is a well-known distribution method from the skill's official vendor.
  • [COMMAND_EXECUTION]: The provided commands are strictly limited to the intended functionality of the video generation tool (e.g., nano-banana --video ...). No arbitrary or suspicious shell commands were detected.
  • [DATA_EXFILTRATION]: There are no patterns suggesting unauthorized data collection or exfiltration. Network operations are directed towards official model endpoints as part of the CLI's core function.
  • [PROMPT_INJECTION]: The skill includes extensive guidance on 'Negative Guidance' (e.g., 'No subtitles, no text overlay') which are benign functional instructions intended to improve model output quality rather than bypass safety guardrails.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 11:53 AM
Security Audit — agent-trust-hub — nano-banana-videogen