NanobananaPro 生图大师

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-template skill for NanobananaPro with no executable code, credentials, persistence, or data access, though its activation terms are broad.

Install only if you want a NanobananaPro-focused prompt assistant. Expect it may activate on broad image-generation or prompt-writing requests, and verify the package's “official certified” claim independently before relying on that branding.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger list includes very broad everyday terms such as 'prompt', '生图', '生成图片', and '做图', which are likely to appear in normal user requests unrelated to this specific skill. This can cause unintended auto-invocation, routing user input into the skill unexpectedly and potentially overriding user intent or exposing the skill in contexts where it was not explicitly requested.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill declares broad natural-language trigger phrases like “帮我生成一个...” and “这个怎么优化...”, which are common in ordinary conversation and not uniquely tied to this skill. In an agent environment, this can cause unintended activation, hijack user requests meant for other skills, and route unrelated content into this skill’s workflow, increasing the chance of misexecution or prompt confusion.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger list contains several very generic terms such as "prompt", "生图", "做图", "镜头", and "视频生成", which are likely to appear in many unrelated user requests. This can cause the skill to activate unexpectedly and steer conversations toward this skill's behavior without clear user intent, increasing the chance of prompt hijacking, poor routing, or unwanted branded content injection.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal