Banana Prompt Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a prompt-writing guide for Google Banana/Imagen image prompts and does not include code, credentials, network access, or background behavior.

Safe to install from a security perspective. Be aware that it may respond to some generic image-prompt requests in its Banana/Imagen format and may include Chinese explanations by default.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 94%
Finding: The trigger list includes a very broad everyday phrase, "帮我写个图片提示词", which can activate the skill for generic image-prompt requests beyond the intended Banana/Imagen scope. Overly broad activation can cause unintended routing, override more appropriate skills, and make prompt-handling behavior easier to hijack through ambiguous user input.

Natural-Language Policy Violations

Medium
Confidence: 87%
Finding: The skill metadata states outputs include Chinese explanations by default, which forces a language choice without explicit user preference. This is mainly a policy/UX control issue, but it can also create confusion, mismatched downstream formatting, or accidental disclosure/translation of content into a language the user did not request.

VirusTotal

65/65 vendors flagged this skill as clean.
