nano-banana
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses common shell utilities like curl, jq, and base64 to facilitate API interactions. These commands are used as intended for constructing requests and processing image data.
- [EXTERNAL_DOWNLOADS]: Network operations are directed to generativelanguage.googleapis.com, which is the official and trusted endpoint for Google's Gemini API services.
- [CREDENTIALS_UNSAFE]: The skill manages authentication through the NANO_BANANA_TOKEN environment variable, avoiding the risk of hardcoded secrets and following standard security practices.
- [PROMPT_INJECTION]: While the skill processes user-provided text and images, which constitutes an indirect prompt injection surface, this is inherent to its primary purpose as an image generation tool. The risk is minimized by the lack of high-privilege capabilities.
  - Ingestion points: User-provided text prompts and image files are incorporated into API request payloads (SKILL.md).
  - Boundary markers: User content is interpolated into JSON structures without explicit boundary markers or instructions to the model to ignore embedded commands.
  - Capability inventory: The skill can perform network requests to Google APIs and read/write files in the /tmp directory (SKILL.md).
  - Sanitization: No explicit sanitization or input validation is performed on the user-supplied strings before they are sent to the external API.
Audit Metadata