Nano Banana 2 — Gemini Image Generation

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but its setup instructions can expose the full Gemini API key in command output.

Review before installing. Avoid running the full-key echo checks; verify the key with a masked or length-only command instead. Use a restricted Gemini key where possible, monitor quota and billing, and do not send private images, PII, credentials, or confidential project details in prompts or source images.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The edit workflow explicitly reads a local image, base64-encodes it, and sends it to Google's external API, but the documentation around that operation does not give a clear, prominent privacy warning at the point of use. This is dangerous because users may unknowingly transmit sensitive local images and prompt contents off-host, creating confidentiality and compliance risk in environments handling private data.

VirusTotal

64/64 vendors flagged this skill as clean.