nano-banana-videogen
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill documentation correctly instructs users to store sensitive information like the
GEMINI_API_KEYin environment variables or.envfiles, which is a standard and secure practice for local development tools. - [EXTERNAL_DOWNLOADS]: The skill utilizes the
nano-bananaCLI, which is distributed via a scoped NPM package@the-focus-ai/nano-banana. This is a well-known distribution method from the skill's official vendor. - [COMMAND_EXECUTION]: The provided commands are strictly limited to the intended functionality of the video generation tool (e.g.,
nano-banana --video ...). No arbitrary or suspicious shell commands were detected. - [DATA_EXFILTRATION]: There are no patterns suggesting unauthorized data collection or exfiltration. Network operations are directed towards official model endpoints as part of the CLI's core function.
- [PROMPT_INJECTION]: The skill includes extensive guidance on 'Negative Guidance' (e.g., 'No subtitles, no text overlay') which are benign functional instructions intended to improve model output quality rather than bypass safety guardrails.
Audit Metadata