Nanobanana Skill
Pass
Audited by VirusTotal on May 11, 2026.
Findings (1)
The skill is classified as suspicious due to a significant prompt injection vulnerability identified in `SKILL.md`. The instructions guide the AI agent to construct `bash` commands by directly embedding user-provided input (e.g., for `--prompt`, `--output`, `--input`) without explicit sanitization or escaping. This allows a malicious user to inject arbitrary shell commands, potentially leading to remote code execution and data exfiltration (e.g., of the `GEMINI_API_KEY` from `~/.nanobanana.env`), especially given the `allowed-tools` permission `Bash(python3:*)`.
