Security audit

p-image-try-on

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed virtual try-on integration that sends selected photos to Pruna for image generation, with privacy considerations but no evidence of hidden or destructive behavior.

Install only if you are comfortable sending the selected person, garment, and optional pose images to Pruna's external API. Use images you have rights and consent to process, avoid sensitive or identifying photos when possible, keep PRUNA_API_KEY out of chats and commits, and prefer installing just this skill rather than the whole repository if you only need try-on.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (12)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill description is broad enough to match general image-editing or compositing requests, which can cause the agent to invoke this skill outside a narrowly scoped virtual try-on use case. That increases the chance that user photos are sent to an external provider when the user did not specifically intend a third-party try-on workflow.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs uploading person photos and garment images to an external API but does not include an explicit privacy notice, consent requirement, or data-handling warning. Because person photos may contain sensitive biometric or personal information, silent transmission to a third party creates a real privacy and compliance risk.

Natural-Language Policy Violations

Medium
Confidence
96% confidence
Finding
The guidance explicitly requires a binary `persona_gender` field and says to lock voice and face-swap gender to that binary. This can cause misgendering, exclusion of non-binary users, and unsafe identity inferences without user consent, especially in a try-on and avatar context where personal appearance attributes are directly manipulated.

External Transmission

Medium
Category
Data Exfiltration
Content
-H 'Try-Sync: true' \
  -d '{
    "input": {
      "person_image": "https://api.pruna.ai/v1/files/PERSON_FILE_ID",
      "garment_images": ["https://api.pruna.ai/v1/files/GARMENT_FILE_ID"]
    }
  }'
Confidence
93% confidence
Finding
https://api.pruna.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
-H 'Model: p-image-try-on' \
  -d '{
    "input": {
      "person_image": "https://api.pruna.ai/v1/files/PERSON_FILE_ID",
      "garment_images": ["https://api.pruna.ai/v1/files/GARMENT_FILE_ID"]
    }
  }'
Confidence
93% confidence
Finding
https://api.pruna.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
-H 'Model: p-image-try-on' \
  -d '{
    "input": {
      "person_image": "https://api.pruna.ai/v1/files/PERSON_FILE_ID",
      "garment_images": [
        "https://api.pruna.ai/v1/files/MULTI_GARMENT_SHOT_ID",
        "https://api.pruna.ai/v1/files/BOTTOM_ID"
Confidence
93% confidence
Finding
https://api.pruna.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
"input": {
      "person_image": "https://api.pruna.ai/v1/files/PERSON_FILE_ID",
      "garment_images": [
        "https://api.pruna.ai/v1/files/MULTI_GARMENT_SHOT_ID",
        "https://api.pruna.ai/v1/files/BOTTOM_ID"
      ],
      "reference_pose": "https://api.pruna.ai/v1/files/POSE_REF_ID",
Confidence
94% confidence
Finding
https://api.pruna.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
## Base URL

- Predictions: `https://api.pruna.ai/v1/predictions`
- File upload: `https://api.pruna.ai/v1/files` (multipart form field `content=@file`)
- Status: `https://api.pruna.ai/v1/predictions/status/{id}`
- Delivery: use `generation_url` from a succeeded status (may be relative; prefix with `https://api.pruna.ai` if needed)
Confidence
93% confidence
Finding
https://api.pruna.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
## Base URL

- Predictions: `https://api.pruna.ai/v1/predictions`
- File upload: `https://api.pruna.ai/v1/files` (multipart form field `content=@file`)
- Status: `https://api.pruna.ai/v1/predictions/status/{id}`
- Delivery: use `generation_url` from a succeeded status (may be relative; prefix with `https://api.pruna.ai` if needed)
Confidence
93% confidence
Finding
https://api.pruna.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
- Predictions: `https://api.pruna.ai/v1/predictions`
- File upload: `https://api.pruna.ai/v1/files` (multipart form field `content=@file`)
- Status: `https://api.pruna.ai/v1/predictions/status/{id}`
- Delivery: use `generation_url` from a succeeded status (may be relative; prefix with `https://api.pruna.ai` if needed)

## Request shape
Confidence
91% confidence
Finding
https://api.pruna.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
## File uploads

1. `POST /v1/files` with `-F "content=@/path/to/file.jpg"` and `apikey` header.
2. Use `urls.get` from the response (or construct `https://api.pruna.ai/v1/files/{id}`) as the **`image`**, **`last_frame_image`**, **`images[]`**, **`person_image`**, **`garment_images[]`**, **`audio`**, etc. value in `input`.

Uploaded files expire (see upload response `expires_at`).
Confidence
96% confidence
Finding
https://api.pruna.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
## Typical success response

- **Sync:** `{ "status": "succeeded", "generation_url": "..." }`
- **Async (create):** `{ "id": "...", "get_url": "https://api.pruna.ai/v1/predictions/status/..." }`
- **Async (poll):** eventually `{ "status": "succeeded", "generation_url": "..." }`

Download binary output with `GET` to `generation_url` and the same `apikey` header.
Confidence
84% confidence
Finding
https://api.pruna.ai/

VirusTotal

58/58 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.