Trust Assessment
nano-banana-antigravity received a trust score of 37/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 2 critical, 0 high, 4 medium, and 0 low severity. Key findings include Potential hardcoded secret (high entropy), Suspicious import: requests, Command Injection via unsanitized filename.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings8
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via unsanitized filename The `generate_whatsapp_hd.sh` script directly uses the user-provided `--filename` argument in `magick` and `mv` shell commands without proper sanitization. This allows an attacker to inject arbitrary shell commands by crafting a malicious filename. Sanitize the `$FILENAME` variable before using it in shell commands. Consider using `printf %q` to properly quote the filename for shell execution, or validate the filename against a safe pattern (e.g., alphanumeric, hyphens, underscores, dots) and ensure it does not contain shell metacharacters. Alternatively, use a safer method for file operations that doesn't involve direct shell command interpolation, if available. | LLM | scripts/generate_whatsapp_hd.sh:45 | |
| CRITICAL | Command Injection via unsanitized filename (mv command) The `generate_whatsapp_hd.sh` script directly uses the user-provided `--filename` argument in the `mv` shell command without proper sanitization. This allows an attacker to inject arbitrary shell commands by crafting a malicious filename. Sanitize the `$FILENAME` variable before using it in shell commands. Consider using `printf %q` to properly quote the filename for shell execution, or validate the filename against a safe pattern (e.g., alphanumeric, hyphens, underscores, dots) and ensure it does not contain shell metacharacters. Alternatively, use a safer method for file operations that doesn't involve direct shell command interpolation, if available. | LLM | scripts/generate_whatsapp_hd.sh:63 | |
| MEDIUM | Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.63) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values. | Static | skills/cgnl/nano-banana-antigravity/scripts/generate_image.py:30 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/cgnl/nano-banana-antigravity/scripts/generate_image.py:127 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/cgnl/nano-banana-antigravity/scripts/generate_image.py:148 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/cgnl/nano-banana-antigravity/scripts/generate_image.py:184 | |
| INFO | Dependencies pinned to minimum versions The `generate_image.py` script specifies Python dependencies using minimum version constraints (e.g., `requests>=2.28.0`). While this ensures a functional version, it allows for automatic upgrades to potentially vulnerable future versions. Pinning to exact versions (`==`) provides stronger supply chain security by ensuring deterministic builds. Consider pinning dependencies to exact versions (e.g., `requests==2.28.0`) to ensure deterministic builds and prevent unexpected issues or vulnerabilities introduced by new versions. Regularly audit and update these pinned versions. | LLM | scripts/generate_image.py:4 | |
| INFO | Hardcoded OAuth Client Credentials The `ANTIGRAVITY_CLIENT_ID` and `ANTIGRAVITY_CLIENT_SECRET` are hardcoded directly in the `generate_image.py` script. While these are OAuth client credentials for a Google service (Antigravity) and may be publicly known or intended for client-side use, hardcoding any form of 'secret' in source code is generally discouraged as it can lead to misuse if the client is not properly secured or if these credentials are not truly public. If these credentials are truly public and intended for client-side use, document this clearly. If they are sensitive, consider moving them to environment variables, a secure configuration file, or a secrets management system, and ensure they are not exposed in publicly accessible repositories. | LLM | scripts/generate_image.py:16 |
Scan History
Embed Code
[](https://skillshield.io/report/2fe017aaa48c8862)
Powered by SkillShield