bananahub
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands during initialization to verify and install necessary Python dependencies, specifically 'google-genai' and 'pillow'.
- [EXTERNAL_DOWNLOADS]: The skill interacts with external repositories on GitHub and the vendor's catalog at 'bananahub.ai' to discover and install reusable prompt and workflow templates. GitHub is recognized as a well-known and trusted service.
- [DATA_EXFILTRATION]: A best-effort usage telemetry system is implemented to report events such as template selection and generation success to 'worker.bananahub.ai'. This feature uses an anonymous identifier and provides a documented opt-out mechanism via the 'BANANAHUB_DISABLE_TELEMETRY' environment variable.
- [SAFE]: The Python script includes a robust configuration management system that handles API keys through environment variables or local JSON files, ensuring that sensitive credentials are not hardcoded or exposed in logs.
- [COMMAND_EXECUTION]: The skill uses a dedicated Python script ('scripts/bananahub.py') to interface with the Gemini API, ensuring a structured and predictable execution environment for image processing tasks.
Audit Metadata