Trust Assessment
nano-banana-pro-image-gen received a trust score of 43/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 1 high, 1 medium, and 0 low severity. Key findings include Suspicious import: requests, Potential data exfiltration: file read + network send, LLM instructed to embed unsanitized user input into shell commands.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | LLM instructed to embed unsanitized user input into shell commands The `SKILL.md` explicitly instructs the LLM to take user-provided text for `prompt`, `filename`, and `input_path` and directly embed them into shell commands (e.g., `node scripts/generate_image.js -p "{prompt}"`). If the user input contains shell metacharacters (e.g., `"; rm -rf /tmp;"`), these will be executed by the shell, leading to arbitrary command execution. The LLM should be instructed to properly escape or quote user-provided arguments when constructing shell commands. For example, using `shlex.quote()` in Python or similar mechanisms in Node.js, or ensuring the LLM always wraps user input in single quotes and escapes any internal single quotes. Alternatively, the skill should use a safer execution method that passes arguments as a list rather than a single string to the shell. | LLM | SKILL.md:60 | |
| CRITICAL | Skill allows reading and exfiltrating arbitrary files via input image path Both `scripts/generate_image.js` and `scripts/generate_image.py` accept an `-i` or `--input-image` argument, which is a user-controlled file path. The content of this file is read, base64 encoded, and sent to an external API (`api.apiyi.com`). A malicious user could specify a path to a sensitive file (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) to exfiltrate its contents. Restrict the allowed paths for input images to a specific, sandboxed directory. Implement strict validation to prevent directory traversal (e.g., `../`). If possible, use a file picker or a secure file upload mechanism instead of direct path input. | LLM | scripts/generate_image.js:100 | |
| CRITICAL | Skill allows writing to arbitrary file paths via output filename argument Both `scripts/generate_image.js` and `scripts/generate_image.py` accept an `-f` or `--filename` argument, which is a user-controlled file path. The generated image data is written directly to this path using `fs.writeFileSync` (Node.js) or `Path(filename).write_bytes` (Python). A malicious user could specify a path to a sensitive system file (e.g., `/etc/passwd`, `/root/.ssh/authorized_keys`) to overwrite it with image data, potentially leading to denial of service or privilege escalation. Restrict the allowed output paths for generated images to a specific, sandboxed directory. Implement strict validation to prevent directory traversal (e.g., `../`). Ensure that the filename is always within the designated output directory and does not contain path separators. | LLM | scripts/generate_image.js:248 | |
| HIGH | Potential data exfiltration: file read + network send Function 'generate_image' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/wuchubuzai2018/nano-banana-pro-image-gen/scripts/generate_image.py:223 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/wuchubuzai2018/nano-banana-pro-image-gen/scripts/generate_image.py:21 |
Scan History
Embed Code
[](https://skillshield.io/report/f5406f9aa35bfc2f)
Powered by SkillShield