fal-upscale

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: CRITICAL
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION
Full Analysis
  • COMMAND_EXECUTION (CRITICAL): The scripts/upscale.sh script is vulnerable to shell command injection. The variable IMAGE_URL is interpolated into an unquoted heredoc (cat <<EOF). This causes the shell to evaluate any command substitutions (e.g., $(command)) or backticks contained within the input string before the API payload is even sent. An attacker providing a crafted URL can execute arbitrary code on the host system.
  • CREDENTIALS_UNSAFE (HIGH): The skill implements a credential storage mechanism that saves the FAL_KEY to a plain-text .env file via the --add-fal-key flag. Storing secrets in plain text on the filesystem exposes sensitive API keys to any process or user with read access to the skill's directory.
  • DATA_EXFILTRATION (HIGH): The combination of command injection and the availability of the curl utility allows an attacker to exfiltrate sensitive local data, such as the stored FAL_KEY or system files, to a remote server controlled by the attacker.
  • INDIRECT_PROMPT_INJECTION (HIGH): This category flags the high-risk surface where untrusted data (the image URL) can lead to system compromise.
      • Ingestion points: The IMAGE_URL variable in scripts/upscale.sh, sourced from the --image-url argument.
      • Boundary markers: None. The input is directly placed into a shell expansion context.
      • Capability inventory: Full shell execution (via expansion vulnerability), network access via curl, and filesystem write access.
      • Sanitization: No escaping or validation is performed on the input string to prevent shell metacharacter expansion.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 15, 2026, 09:25 PM