nanobanana-visual
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits content derived from the local outputs/brief.md file to an external API endpoint (https://api.nanobanana.com/v3/generate). This is the core functionality of the skill but involves sending user-supplied project data to a third-party service.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from outputs/brief.md without sanitization or boundary markers.
  - Ingestion points: The skill reads outputs/brief.md in the first step of its workflow to extract core messages and visual guides.
  - Boundary markers: There are no delimiters or instructions to ignore embedded commands within the processed brief file.
  - Capability inventory: The agent has the capability to perform network POST requests via the requests library and write image files to the local file system (outputs/visuals/).
  - Sanitization: No sanitization, escaping, or validation is performed on the text extracted from the brief before it is used to construct prompts for the image generation API.
Audit Metadata