nano banana 2

Security checks across malware telemetry and agentic risk

Overview

This image-generation skill is mostly coherent, but its documented commands run a script from a different skill folder, which could execute unreviewed code with the user's Gemini key and images.

Install only if you first verify or correct the command path so it runs this skill's bundled script, not a different local skill. Use an environment variable for GEMINI_API_KEY when possible, and only provide prompts or images you are comfortable sending to Google's API.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The script sends the user's prompt and any supplied input images to Google's external Gemini API, but it provides no explicit warning, consent step, or privacy notice at the point of transmission. In an agent-skill context, this can expose sensitive local images or confidential prompt content to a third party without the user's clear awareness, which is a real data-handling risk even if the behavior is functionally necessary.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal