Back to skill

Security audit

Nano Banana Pro Prompts Recommend

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it automatically pulls mutable prompt data and fetches preview images without enough containment.

Install only if you trust the YouMind-OpenLab GitHub repository and are comfortable with the skill refreshing prompt data from the live main branch. Prefer environments where network access and file writes are scoped, review downloaded references if reproducibility matters, and avoid letting it fetch or send preview media from unexpected domains.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill instructs the agent to fetch and transmit third-party sample images as part of normal operation, expanding scope from text recommendation into external content retrieval and delivery. That increases attack surface for SSRF-like fetches, unsafe media handling, privacy leakage, and policy bypass, especially because the instruction is mandatory and not conditioned on trust or consent.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill mandates an automatic GitHub freshness check and possible pull on every run, which causes unsolicited outbound requests and possible local file changes before user approval. Even if the source is legitimate, this can leak environment metadata such as IP, user agent, timing, and repository access patterns, and it normalizes silent network actions unrelated to the immediate user query.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill provides mandatory shell commands to download and delete files derived from external URLs without safety checks. That encourages direct execution of network and filesystem operations on untrusted input, increasing risk of malicious content retrieval, disk abuse, path mistakes, and unsafe tool use in environments where shell execution is powerful.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
Advertising that the package 'auto-downloads library on install' indicates network activity during installation, which can surprise users and CI systems and expands supply-chain risk. Install-time downloads can fetch mutable remote content outside the package lockfile, reducing transparency, reproducibility, and the user's ability to review what code or data enters the environment.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.