eachlabs-face-swap
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill documentation includes network operations using curl to api.eachlabs.ai, which is a non-whitelisted domain.
- [COMMAND_EXECUTION] (LOW): The skill provides command-line examples using curl that access system environment variables like EACHLABS_API_KEY.
- [PROMPT_INJECTION] (MEDIUM): A vulnerability to Indirect Prompt Injection (Category 8) exists because the skill processes external content (image/video URLs) and user-defined prompts.
  - Ingestion points: Untrusted data enters via target_image, swap_image, and prompt fields in the API request examples in SKILL.md.
  - Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the processed URLs or prompts.
  - Capability inventory: The skill possesses network exfiltration capabilities through POST and GET requests to an external API service.
  - Sanitization: No evidence of input validation or sanitization for external content is found in the instructions.
Audit Metadata