Nano Banana Pro Custom

Security checks across malware telemetry and agentic risk

Overview

This is a coherent image-generation skill that uses a user-configured OpenAI-compatible API and does not show hidden or destructive behavior.

Install only if you are comfortable sending your prompts and selected images to the API provider you configure. Use a dedicated or limited API key, choose a trusted base URL, avoid committing config files containing secrets, and avoid sending sensitive personal or proprietary images unless the provider's data practices are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill instructs users to store API keys in environment variables and config files without warning about credential sensitivity, file permissions, secret exposure in shell history, or safe storage practices. In this context, the skill also supports loading secrets from multiple locations, increasing the chance that credentials are left in plaintext files or broadly accessible configuration stores.

VirusTotal

66/66 vendors flagged this skill as clean.
