fal-upscale

Fail

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The script scripts/upscale.sh facilitates the storage of the FAL_KEY API secret in a plain-text .env file within the skill directory via the --add-fal-key command. Storing credentials in unencrypted local files exposes sensitive information to any process or user with access to the file system.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its handling of image URLs and scale factors in scripts/upscale.sh.
      • Ingestion points: The script accepts IMAGE_URL and SCALE as command-line arguments, which are interpolated into a network request payload.
      • Boundary markers: The script uses a bash heredoc template for JSON construction, which lacks any boundary markers or delimiters to prevent input from escaping the string context.
      • Capability inventory: The script performs an authenticated network request using curl to the Fal.ai API.
      • Sanitization: There is no evidence of sanitization or escaping of the input variables. This allows an attacker to provide a malicious URL that breaks the JSON structure to inject arbitrary fields into the API request.
  • [COMMAND_EXECUTION]: The MODEL parameter is used to dynamically build the URL for the curl command. The lack of validation on this variable allows for potential path manipulation or URL redirection, which could lead to unauthorized interactions with other endpoints on the target service.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 6, 2026, 09:56 AM