Back to skill

Security audit

Nano Banana Pro

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward image generation/editing helper that sends user-selected prompts and images to Google's Gemini image API.

Install only if you are comfortable sending image prompts and any chosen input images to Google's Gemini service. Use GEMINI_API_KEY from the environment where possible, avoid putting API keys in chat or command history, and do not pass confidential screenshots, credentials, medical, legal, or other sensitive images unless that external processing is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill invokes a script that reads environment variables, specifically `GEMINI_API_KEY`, yet the skill declares no permissions or equivalent disclosure. This creates a transparency and least-privilege problem: users and calling systems may not realize the skill depends on sensitive environment data, increasing the chance of unintended secret exposure or unsafe execution in broader environments.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill sends user prompts and optional input images to Google's external Nano Banana Pro API, but the description does not clearly warn users that their content leaves the local environment. This is a real privacy and data-handling issue because users may provide sensitive prompts or images under the mistaken assumption that processing is local.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.