Nano Banana Prompting Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent image-prompting skill that discloses its Gemini key use, helper-script workflow, and image file output behavior.

Install this if you want Gemini image prompting, but use a trusted Gemini generator helper, protect your GEMINI_API_KEY, and be deliberate about output paths and sensitive reference images.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This markdown file describes file-writing behavior by directing the agent to save output images to `~/Desktop` or another user-specified path. While it includes filename-sanitization guidance, it does not explicitly warn the user that running the skill will create or overwrite image files on disk, which is a user-data-affecting operation.

VirusTotal

64/64 vendors flagged this skill as clean.
