Nano Banana 2 Image Generator

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward Media.io image-generation helper, with some account/API-key privacy considerations users should understand.

Install only if you trust the community maintainer and Media.io. Use a revocable Media.io API key, monitor credit usage, avoid sensitive prompts or private image URLs, and be aware the bundled router can also query your Media.io credits balance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding
The skill documentation and metadata declare only an environment variable requirement, but the examples and referenced router imply additional capabilities: reading local files (`scripts/c_api_doc_detail.json`) and making outbound network requests to Media.io. Undeclared capabilities reduce transparency for reviewers and users, making it easier to hide data access or external communication that could expose secrets or user data.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding
The skill is advertised as a dedicated Nano Banana Pro image generator, but the implementation pattern shown uses a generic router backed by `c_api_doc_detail.json`, which may expose broader Media.io APIs than users expect. This mismatch is dangerous because it expands the trusted scope of the skill: a user may provide API keys and prompts for image generation while the skill can potentially invoke unrelated endpoints, including account or billing-related functionality.

Description-Behavior Mismatch

Severity: Medium
Confidence: 87%
Finding
The documented skill includes a credits-balance endpoint that is outside the manifest's stated image-generation purpose, expanding the accessible behavior surface. Even though querying credits is not inherently harmful, it enables unrelated account metadata access and can normalize broader API use than users expect from this skill.
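
As an added example (not part of this scan report, not SkillSpector's code, and not the skill's own code), the Python script below shows the kind of check behind the Lp3, Tp4 and Description-Behavior Mismatch findings: it diffs a manifest's declared requirements against the file reads, network hosts and environment variables actually present in a router's source, and flags catalogue endpoints whose tags fall outside the declared purpose. The manifest schema, the endpoint-catalogue schema (standing in for `c_api_doc_detail.json`, whose real structure is not shown on this page), the router snippet and the `mediaio.example` host are all constructed assumptions.

```python
"""Diff a skill's declared scope against what its bundled router can reach.

Added example for this report. Manifest layout, endpoint-catalogue layout,
router source and host name are constructed assumptions, not the real skill.
"""
import json
import re

# Constructed manifest: declares one env var and nothing about files or hosts.
MANIFEST = {
    "name": "nano-banana-2-image-generator",
    "purpose": "image",
    "requires": {"env": ["MEDIAIO_API_KEY"]},  # no "files", no "network" keys
}

# Constructed endpoint catalogue in an assumed schema (stand-in for
# scripts/c_api_doc_detail.json, whose real shape is unknown here).
API_DOC = json.dumps([
    {"name": "generate_image", "method": "POST",
     "path": "/v1/images/generate", "tags": ["image"]},
    {"name": "get_task", "method": "GET",
     "path": "/v1/images/task/{id}", "tags": ["image"]},
    {"name": "credits_balance", "method": "GET",
     "path": "/v1/account/credits", "tags": ["account", "billing"]},
])

# Constructed router source. mediaio.example is a placeholder host.
ROUTER_SRC = '''
import os, json, urllib.request
DOC = json.load(open("scripts/c_api_doc_detail.json"))
KEY = os.environ["MEDIAIO_API_KEY"]
def call(name, **params):
    ep = next(e for e in DOC if e["name"] == name)
    req = urllib.request.Request("https://mediaio.example" + ep["path"], method=ep["method"])
    req.add_header("Authorization", "Bearer " + KEY)
    return urllib.request.urlopen(req, json.dumps(params).encode())
'''

# Deliberately simple textual heuristics; a production tool would walk the AST.
FILE_RE = re.compile(r'\bopen\(\s*["\']([^"\']+)["\']')
HOST_RE = re.compile(r'https?://([A-Za-z0-9.-]+)')
ENV_RE = re.compile(r'os\.environ(?:\.get)?\s*[\[\(]\s*["\']([A-Z0-9_]+)["\']')


def find_undeclared_capabilities(manifest, source):
    """Return file reads, hosts and env vars used by source but absent from the manifest."""
    declared = manifest.get("requires", {})

    def undeclared(found, key):
        allowed = set(declared.get(key, []))
        # dict.fromkeys de-duplicates while keeping first-seen order
        return [x for x in dict.fromkeys(found) if x not in allowed]

    return {
        "file_read": undeclared(FILE_RE.findall(source), "files"),
        "network": undeclared(HOST_RE.findall(source), "network"),
        "env": undeclared(ENV_RE.findall(source), "env"),
    }


def find_out_of_scope_endpoints(api_doc_json, purpose):
    """Return catalogue endpoints whose tags do not include the declared purpose."""
    return [e["name"] for e in json.loads(api_doc_json)
            if purpose not in e.get("tags", [])]


def audit(manifest, api_doc_json, source):
    """Produce report-style lines using the same categories as the findings above."""
    lines = []
    for kind, items in find_undeclared_capabilities(manifest, source).items():
        for item in items:
            lines.append(f"MCP Least Privilege: undeclared {kind} {item}")
    purpose = manifest["purpose"]
    for name in find_out_of_scope_endpoints(api_doc_json, purpose):
        lines.append(f"Description-Behavior Mismatch: endpoint {name} "
                     f"is outside declared purpose '{purpose}'")
    return lines


if __name__ == "__main__":
    for line in audit(MANIFEST, API_DOC, ROUTER_SRC):
        print(line)
```

Run against the constructed inputs, the audit reports the undeclared file read of `scripts/c_api_doc_detail.json`, the undeclared outbound host, and `credits_balance` as an endpoint outside the `image` purpose; the env var passes because the manifest declares it. The regexes are intentionally minimal: the point is the diff between what the manifest promises and what the code and catalogue can actually do, which is what a reviewer needs before handing the skill an API key.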

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The documentation does not warn users that prompts and reference image URLs are transmitted to a third-party service. This is a real privacy and data-handling issue because users may unknowingly submit sensitive text, proprietary concepts, or private image links to an external provider, creating confidentiality, compliance, and retention risks.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal