skills/ilkerzg/agent-skills/fal-tryon/Gen Agent Trust Hub

fal-tryon

Fail

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/tryon.sh script is vulnerable to argument injection through user-supplied parameters.
      • User input from arguments like --model, --person-url, and --garment-url is directly interpolated into a curl command string within double quotes.
      • An attacker can inject a double quote character in these fields to break out of the quoted string and append arbitrary arguments to the curl command.
      • Evidence: RESULT=$(curl -s -X POST "https://fal.run/$MODEL" ... -d "$PAYLOAD") in scripts/tryon.sh.
  • [DATA_EXFILTRATION]: The argument injection vulnerability in the curl command can be exploited to read and exfiltrate sensitive local files.
      • By injecting arguments such as --upload-file or using the @ prefix with the -d flag, an attacker could instruct curl to transmit the contents of local files (e.g., SSH keys, configuration files) to a remote server under their control.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external image URLs without sanitization.
      • Ingestion points: The --person-url and --garment-url parameters in scripts/tryon.sh accept untrusted external input.
      • Boundary markers: Absent. The URLs are passed directly to the backend API without validation or containment.
      • Capability inventory: The script performs network operations via curl to the fal.ai API.
      • Sanitization: Absent. No validation is performed on the provided URLs or the resulting JSON payload.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 3, 2026, 05:08 PM