fal-lip-sync
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The scripts
talking-head.shandlip-sync.shutilizecurlto interact with external AI services. - Evidence: The scripts make POST and GET requests to
https://fal.runandhttps://queue.fal.runto submit jobs and poll for completion. - [PROMPT_INJECTION]: A vulnerability for indirect prompt injection (schema confusion) exists in the way text input is handled in
talking-head.sh. - Ingestion points: The
--textargument inscripts/talking-head.shaccepts arbitrary strings that may originate from untrusted external sources processed by the agent. - Boundary markers: The script does not utilize boundary markers or 'ignore' instructions when processing this input.
- Capability inventory: The script has the capability to perform network operations (
curl) and file system writes (via.envcreation). - Sanitization: There is no escaping or validation of the
$TEXTvariable before it is interpolated into a JSON heredoc. An input containing double quotes could break the JSON structure or inject additional fields into the API request.
Audit Metadata