Nano Banana Pro Prompts

Security checks across malware telemetry and agentic risk

Overview

The skill is mainly a prompt recommender, but it auto-refreshes mutable remote data and requires fetching or sending external preview images, so it needs user review before installation.

Install only if you are comfortable with the agent fetching prompt data from GitHub, refreshing local reference files over time, and accessing external preview-image URLs. Prefer reviewing scripts/setup.js first and using manual updates if you need stable, auditable prompt data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 93% confidence
Finding: The skill tells the agent to execute shell commands to download remote files and then delete local files as part of prompt recommendation. That exceeds the core need of a search/recommendation skill and introduces unnecessary command execution and file-system side effects based on untrusted `sourceMedia` data.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The package description explicitly states that the skill auto-downloads a library on install, which is a supply-chain and user-consent risk because installation triggers network activity before the user has a chance to review or approve it. In an agent-skill context, install-time downloads can fetch mutable remote content and expand the trust boundary beyond the published package.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal