nano-banana
Generates high-quality images from text prompts using Google's Gemini models for various visual content needs.
Install this skill
or
45/100
Security score
The nano-banana skill was audited on Jun 5, 2026 and we found 7 security issues across 2 threat categories, including 2 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
medium line 123
Template literal with variable interpolation in command context
SourceSKILL.md
| 123 | ```bash |
high line 143
Template literal with variable interpolation in command context
SourceSKILL.md
| 143 | - **zsh does NOT word-split unquoted variables** (unlike bash). `CMD="magick montage"; $CMD ...` looks for a single command literally named "magick montage". Don't stuff multi-word commands in a var — |
high line 144
Template literal with variable interpolation in command context
SourceSKILL.md
| 144 | - **Always quote expansions** — `"$OUT"`, `"${ADS[@]}"` — paths and prompts contain spaces. |
medium line 24
Access to hidden dotfiles in home directory
SourceSKILL.md
| 24 | Wizard checks dependencies (sops, age, magick), verifies the API key, and saves defaults to `~/.config/nano-banana/config.yaml`. |
medium line 203
Access to hidden dotfiles in home directory
SourceSKILL.md
| 203 | - `~/.config/nano-banana/config.yaml` — user defaults (from `init`) |
medium line 204
Access to hidden dotfiles in home directory
SourceSKILL.md
| 204 | - `~/.config/nano-banana/history.jsonl` — generation log |
medium line 205
Access to hidden dotfiles in home directory
SourceSKILL.md
| 205 | - `~/.config/nano-banana/last.json` — last run (for `again`) |
Scanned on Jun 5, 2026
View Security DashboardGitHub Stars 194
Rate this skill
Categorymarketing
UpdatedJune 15, 2026
frontendpowerpointdocxapibackendcontent-marketergraphic-designersocial-media-managerinfluencer-marketerproduct-marketergoogle-geminimarketingdesign
glebis/claude-skills