Nano banana korean rendering

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it renders non-Latin text for generated images using Canvas and Gemini. The usual privacy and dependency cautions apply.

Install only if you are comfortable running npm install, downloading font files, and sending the relevant prompts or selected images to Google's Gemini service. Use a dedicated, restricted Gemini API key, and avoid sensitive text or reference images unless you intend to upload them.

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 94%
Finding: The auto-activation triggers are overly broad, matching common terms like 'text', 'title', and 'headline' as well as any non-Latin characters. In an agent setting, the skill can fire unexpectedly on many ordinary requests, expanding access to external services and file-processing steps without clear user intent or consent.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The skill instructs the agent to send prompts and reference images to Gemini for analysis and image generation, but it does not clearly warn users that their content will be transmitted to an external third-party service. This is a privacy and data-handling risk, especially when prompts or images contain sensitive, proprietary, or personal information.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The generate path reads arbitrary local image files at user-supplied paths and uploads them to Gemini without an explicit, in-band warning at the point of use. In agent or automation contexts, this can lead to unintended disclosure of sensitive local images, because users may not realize that the files at those local paths are being sent to a third-party service, particularly since the skill is described primarily as text-preserving rendering.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Confidence: 89%
Context (package.json excerpt):
    "render": "node render.mjs render"
  },
  "dependencies": {
    "canvas": "^3.1.0",
    "@google/generative-ai": "^0.21.0"
  }
}
Finding: "canvas": "^3.1.0" (caret range, not an exact pinned version)

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Confidence: 92%
Context (package.json excerpt):
  },
  "dependencies": {
    "canvas": "^3.1.0",
    "@google/generative-ai": "^0.21.0"
  }
}
Finding: "@google/generative-ai": "^0.21.0" (caret range, not an exact pinned version)

VirusTotal

66/66 vendors flagged this skill as clean.