nano-banana-2-image-gen

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to execute local scripts (scripts/generate_image.js or scripts/generate_image.py) using shell commands to process images and communicate with the API.
  • [DATA_EXFILTRATION]: The skill performs network requests to an external third-party domain (api.apiyi.com) to transmit user prompts and image data. While this is the intended purpose, it involves sending data to a service outside standard trusted cloud environments.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through the input-image parameter used for image editing tasks.
      • Ingestion points: The -i/--input-image parameter in scripts/generate_image.js and scripts/generate_image.py accepts arbitrary local file paths provided via agent commands.
      • Boundary markers: The skill does not implement boundary markers or instructions to the model to ignore potential malicious content embedded within processed files.
      • Capability inventory: The scripts possess the capability to read any local file (via fs.readFileSync or open().read()) and transmit the content as base64-encoded data to a remote API.
      • Sanitization: There is no sanitization of file paths or verification of file types, which could allow an attacker to manipulate the agent into reading and exfiltrating sensitive system files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 2, 2026, 08:58 PM