Security audit

Nano Banana Image Workflow Helper

Security checks across malware telemetry and agentic risk

Overview

This appears to be an image-workflow helper with overly broad activation wording, but no evidence of hidden execution, data theft, destructive behavior, or privileged access.

This skill looks acceptable to install if you want Nano Banana-style image workflow assistance. Be aware it may activate when you did not intend it to because its trigger words are broad; if that happens, explicitly choose a more relevant skill or disable implicit invocation if your agent environment supports that.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Vague Triggers

High

Confidence: 97% confidence
Finding: The trigger list includes extremely generic terms such as "nano", "banana", "pro", "generate", "edit", "images", and "bug fix", which are likely to appear in many unrelated conversations. This can cause unintended activation of the skill, leading the agent to inject irrelevant workflow guidance or override more appropriate skills, reducing reliability and potentially steering image-generation tasks in unsafe or incorrect directions.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The activation description says to use the skill whenever users mention broad terms or need general workflow, checklist, analysis, or implementation support around the demand, which does not clearly bound the skill's scope. This ambiguity increases the chance of the skill being selected for loosely related requests, causing misrouting, prompt pollution, and weakened control over when this image-workflow helper should influence agent behavior.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill enables implicit invocation while providing only a broad productivity-oriented description and no clear gating conditions, so it may be auto-triggered in contexts the user did not explicitly intend. That can cause unintended prompt injection of this skill's workflow, unnecessary data exposure to the skill context, or interference with other agent behavior, especially because it is designed to shape user requests into image-generation plans.

Vague Triggers

High

Confidence: 96% confidence
Finding: The trigger sentence begins with an extremely broad everyday phrase ('Help me ...'), which can cause the skill to activate in many unrelated conversations. Over-broad activation increases the chance of accidental invocation, context hijacking, or routing user requests into this skill when a different skill or safer default behavior was intended.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: This trigger is ambiguous and truncated, so it does not clearly describe a distinct user intent before invoking the skill. Ambiguous triggers can misroute unrelated requests into this skill, leading to unreliable behavior, confused delegation, and potential exposure of user context to an unnecessary workflow.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal