Security audit
ZenMux Image Gen (Nano Banana 2)
Security checks across malware telemetry and agentic risk
Overview
This skill appears to generate images through the ZenMux API as described, with expected use of an API key, optional input images, and local output files.
Install only if you are comfortable sending prompts and any input images to ZenMux. Prefer the ZENMUX_API_KEY environment variable over the --api-key flag, and choose output paths carefully because the script can create directories and write generated image files there.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.